  1. JBoss Enterprise Application Platform
  2. JBEAP-7125

Add an attribute to the JSF subsystem to specify whether or not DOCTYPE declarations in JSF deployments should be disallowed


    • Requirement
    • Resolution: Duplicate
    • Major
    • None
    • None
    • JSF

      When JAXP secure processing features are added to Xerces (i.e., once Ron Sigal's Xerces PR is merged), WildFly will be using a SAXParserFactory implementation that disallows DOCTYPE declarations by default. This will cause a ServletException to occur when accessing any JSF .xhtml page that includes a DOCTYPE declaration. We should give users the option to override this default behaviour and allow DOCTYPE declarations for JSF apps, if desired. We can accomplish this as follows:

      1) Add a "com.sun.faces.disallowDoctypeDecl" context parameter to Mojarra to explicitly specify whether or not DOCTYPE declarations should be allowed.

      • I've created JAVASERVERFACES-4130 to track this and I've submitted a patch upstream to the Mojarra team.

      2) Add a disallow-doctype-decl attribute to the JSF subsystem to specify the default value of the "com.sun.faces.disallowDoctypeDecl" context parameter for JSF apps.

      If my patch for the new context parameter looks good to the Mojarra team, I can apply it to our Mojarra fork and submit a PR against WildFly with these changes.

              fjuma1@redhat.com Farah Juma
              rhn-engineering-jpallich Jiri Pallich
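
The parser behaviour the issue describes can be reproduced with plain JAXP. The following is an added example, not code from the issue, Mojarra or WildFly: the class name and the sample page are constructed, and the three entity-related features are an assumption about what a deployment would still want switched off when it opts back in to DOCTYPE declarations.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class DoctypeDeclDemo {
    // Xerces feature name, also recognised by the JDK's built-in JAXP parser.
    static final String DISALLOW_DOCTYPE =
        "http://apache.org/xml/features/disallow-doctype-decl";

    // Constructed sample: a minimal Facelets-style page with an XHTML DOCTYPE.
    static final String PAGE =
        "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" "
      + "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
      + "<html xmlns=\"http://www.w3.org/1999/xhtml\"><body>hello</body></html>";

    // Parses PAGE with the given setting and reports whether the parser accepted it.
    static String parse(boolean disallowDoctype) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(DISALLOW_DOCTYPE, disallowDoctype);
        // Added hardening (not from the issue): even when DOCTYPE is allowed,
        // do not fetch the external DTD or resolve external entities.
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature(
            "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        try {
            factory.newSAXParser().parse(
                new ByteArrayInputStream(PAGE.getBytes(StandardCharsets.UTF_8)),
                new DefaultHandler());
            return "parsed";
        } catch (SAXException e) {
            // With the feature enabled, the DOCTYPE line is a fatal parse error;
            // in a JSF deployment this is what surfaces as the ServletException.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("disallow-doctype-decl=true  -> " + parse(true));
        System.out.println("disallow-doctype-decl=false -> " + parse(false));
    }
}
```

The first call fails at the DOCTYPE line before any element is read; the second parses the same page without any network access because the external DTD is never loaded.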