[jboss-jira] [JBoss JIRA] (WFLY-6545) Add an attribute to the JSF subsystem to specify whether or not DOCTYPE declarations in JSF deployments should be disallowed
Farah Juma (JIRA)
issues at jboss.org
Thu Apr 21 16:16:01 EDT 2016
Farah Juma created WFLY-6545:
--------------------------------
Summary: Add an attribute to the JSF subsystem to specify whether or not DOCTYPE declarations in JSF deployments should be disallowed
Key: WFLY-6545
URL: https://issues.jboss.org/browse/WFLY-6545
Project: WildFly
Issue Type: Feature Request
Components: JSF
Affects Versions: 10.0.0.Final
Reporter: Farah Juma
Assignee: Farah Juma
When JAXP secure processing features are added to Xerces (i.e., once Ron Sigal's [Xerces PR|https://github.com/jboss/xerces/pull/12] is merged), WildFly will be using a {{SAXParserFactory}} implementation that disallows DOCTYPE declarations by default. This will cause a {{ServletException}} to occur when accessing any JSF .xhtml page that includes a DOCTYPE declaration. We should give users the option to override this default behaviour and allow DOCTYPE declarations for JSF apps, if desired. We can accomplish this as follows:
1) Add a "com.sun.faces.disallowDoctypeDecl" context parameter to Mojarra to explicitly specify whether or not DOCTYPE declarations should be allowed.
* I've created [JAVASERVERFACES-4130|https://java.net/jira/browse/JAVASERVERFACES-4130] to track this and I've submitted a patch upstream to the Mojarra team.
2) Add a {{disallow-doctype-decl}} attribute to the JSF subsystem to specify the default value of the "com.sun.faces.disallowDoctypeDecl" context parameter for JSF apps.
* I've implemented the changes required for this:
https://github.com/fjuma/wildfly/commit/e6076549ea5c4b84a93dbe4ea0db9f8c2d65af26
If my patch for the new context parameter looks good to the Mojarra team, I can apply it to our Mojarra fork and submit a PR against WildFly with these changes.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list