Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
13.10
-
None
-
Unknown
-
Description
Example input to parse:
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+ "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n"
+ " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n"
+ "\n"
+ "<p>$</p>";
Currently, when parsed, the paragraph tag content is empty.
The way to solve this without introducing an XXE attack is by having a custom resolver similar to the one we copied from xml-dtd.