From be50b27b489520f16c6a788fbe831d12853cc346 Mon Sep 17 00:00:00 2001 From: Tobias Soloschenko Date: Sat, 11 May 2024 18:51:30 +0200 Subject: [PATCH 1/5] feat: configurable transformer factory --- .../wicket/util/resource/XSLTResourceStream.java | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java index 5fe6250d01d..1ccadcc658e 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java @@ -42,9 +42,6 @@ */ public class XSLTResourceStream extends AbstractResourceStream { - /** - * - */ private static final long serialVersionUID = 1L; private final transient ByteArrayOutputStream out; @@ -77,7 +74,7 @@ public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStr javax.xml.transform.Result result = new javax.xml.transform.stream.StreamResult(out); // create an instance of TransformerFactory - javax.xml.transform.TransformerFactory transFact = javax.xml.transform.TransformerFactory.newInstance(); + javax.xml.transform.TransformerFactory transFact = getTransformerFactory(); javax.xml.transform.Transformer trans = transFact.newTransformer(xsltSource); Map parameters = getParameters(); @@ -102,6 +99,16 @@ public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStr } } + /** + * Used to provide a configured {@link javax.xml.transform.TransformerFactory}. + * + * @return the transformer factory + */ + protected javax.xml.transform.TransformerFactory getTransformerFactory() + { + return javax.xml.transform.TransformerFactory.newInstance(); + } + /** * @see org.apache.wicket.util.resource.IResourceStream#close() */ From 7a518dda8b41efeabdf147463ced9e770e962464 Mon Sep 17 00:00:00 2001 From: Tobias Soloschenko Date: Mon, 13 May 2024 10:14:38 +0200 Subject: [PATCH 2/5] fix: configurable transformer factory as param --- .../util/resource/XSLTResourceStream.java | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java index 1ccadcc658e..30e49d59ba2 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java @@ -56,13 +56,27 @@ protected Map getParameters() /** * Construct. - * + * * @param xsltResource * the XSL stylesheet as an {@link IResourceStream} * @param xmlResource * the input XML document as an {@link IResourceStream} */ public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStream xmlResource) + { + this(xsltResource, xmlResource, javax.xml.transform.TransformerFactory.newInstance()); + } + /** + * Construct. + * + * @param xsltResource + * the XSL stylesheet as an {@link IResourceStream} + * @param xmlResource + * the input XML document as an {@link IResourceStream} + * @param transformerFactory + * the transformer factory used to transform the xmlResource + */ + public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStream xmlResource, javax.xml.transform.TransformerFactory transformerFactory) { try { @@ -74,7 +88,7 @@ public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStr javax.xml.transform.Result result = new javax.xml.transform.stream.StreamResult(out); // create an instance of TransformerFactory - javax.xml.transform.TransformerFactory transFact = getTransformerFactory(); + javax.xml.transform.TransformerFactory transFact = transformerFactory; javax.xml.transform.Transformer trans = transFact.newTransformer(xsltSource); Map parameters = getParameters(); @@ -99,16 +113,6 @@ public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStr } } - /** - * Used to provide a configured {@link javax.xml.transform.TransformerFactory}. - * - * @return the transformer factory - */ - protected javax.xml.transform.TransformerFactory getTransformerFactory() - { - return javax.xml.transform.TransformerFactory.newInstance(); - } - /** * @see org.apache.wicket.util.resource.IResourceStream#close() */ From 3119dc5ec33cc200f8b5410af44f68dc01c0598d Mon Sep 17 00:00:00 2001 From: Tobias Soloschenko Date: Mon, 13 May 2024 11:28:16 +0200 Subject: [PATCH 3/5] fix: configurable transformer with default init --- .../util/resource/XSLTResourceStream.java | 41 ++++++++++++++----- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java index 30e49d59ba2..977b7e09a8b 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java @@ -26,6 +26,15 @@ import org.apache.wicket.util.io.IOUtils; import org.apache.wicket.util.lang.Bytes; +import javax.xml.XMLConstants; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; + /** * {@link IResourceStream} that applies XSLT on an input {@link IResourceStream}. The XSL stylesheet * itself is also an {@link IResourceStream}. Override {@link #getParameters()} to pass parameters @@ -64,8 +73,24 @@ protected Map getParameters() */ public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStream xmlResource) { - this(xsltResource, xmlResource, javax.xml.transform.TransformerFactory.newInstance()); + this(xsltResource, xmlResource, defaultTransformerFactory()); } + + /** + * Creates a default transformer factory with XMLConstants.FEATURE_SECURE_PROCESSING set to true + * + * @return a default transformer factory + */ + private static TransformerFactory defaultTransformerFactory() { + TransformerFactory factory = TransformerFactory.newInstance(); + try { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + } catch (TransformerConfigurationException e) { + throw new RuntimeException(e); + } + return factory; + } + /** * Construct. * @@ -76,21 +101,17 @@ public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStr * @param transformerFactory * the transformer factory used to transform the xmlResource */ - public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStream xmlResource, javax.xml.transform.TransformerFactory transformerFactory) + public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStream xmlResource, TransformerFactory transformerFactory) { try { - javax.xml.transform.Source xmlSource = new javax.xml.transform.stream.StreamSource( - xmlResource.getInputStream()); - javax.xml.transform.Source xsltSource = new javax.xml.transform.stream.StreamSource( - xsltResource.getInputStream()); + Source xmlSource = new StreamSource(xmlResource.getInputStream()); + Source xsltSource = new StreamSource(xsltResource.getInputStream()); out = new ByteArrayOutputStream(); - javax.xml.transform.Result result = new javax.xml.transform.stream.StreamResult(out); + Result result = new StreamResult(out); - // create an instance of TransformerFactory - javax.xml.transform.TransformerFactory transFact = transformerFactory; + Transformer trans = transformerFactory.newTransformer(xsltSource); - javax.xml.transform.Transformer trans = transFact.newTransformer(xsltSource); Map parameters = getParameters(); if (parameters != null) { From d7091ef90a7b5f6ffd580e2f285d0b44a3da2996 Mon Sep 17 00:00:00 2001 From: Tobias Soloschenko Date: Mon, 13 May 2024 11:28:58 +0200 Subject: [PATCH 4/5] fix: configurable transformer formatting --- .../org/apache/wicket/util/resource/XSLTResourceStream.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java index 977b7e09a8b..7298f1f8be5 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java @@ -83,7 +83,8 @@ public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStr */ private static TransformerFactory defaultTransformerFactory() { TransformerFactory factory = TransformerFactory.newInstance(); - try { + try + { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); } catch (TransformerConfigurationException e) { throw new RuntimeException(e); From 8b2452829acfbff1967238b2db3152e3f0f6b82e Mon Sep 17 00:00:00 2001 From: Tobias Soloschenko Date: Mon, 13 May 2024 11:31:15 +0200 Subject: [PATCH 5/5] fix: configurable transformer formatting --- .../org/apache/wicket/util/resource/XSLTResourceStream.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java index 7298f1f8be5..8d28463cc43 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/resource/XSLTResourceStream.java @@ -81,7 +81,8 @@ public XSLTResourceStream(final IResourceStream xsltResource, final IResourceStr * * @return a default transformer factory */ - private static TransformerFactory defaultTransformerFactory() { + private static TransformerFactory defaultTransformerFactory() + { TransformerFactory factory = TransformerFactory.newInstance(); try {