WildFly / WFLY-6545

Add an attribute to the JSF subsystem to specify whether or not DOCTYPE declarations in JSF deployments should be disallowed



      When JAXP secure processing features are added to Xerces (i.e., once Ron Sigal's Xerces PR is merged), WildFly will be using a SAXParserFactory implementation that disallows DOCTYPE declarations by default. This will cause a ServletException to occur when accessing any JSF .xhtml page that includes a DOCTYPE declaration. We should give users the option to override this default behaviour and allow DOCTYPE declarations for JSF apps, if desired. We can accomplish this as follows:

      1) Add a "com.sun.faces.disallowDoctypeDecl" context parameter to Mojarra to explicitly specify whether or not DOCTYPE declarations should be allowed.

      • I've created JAVASERVERFACES-4130 to track this and I've submitted a patch upstream to the Mojarra team.

      2) Add a disallow-doctype-decl attribute to the JSF subsystem to specify the default value of the "com.sun.faces.disallowDoctypeDecl" context parameter for JSF apps.

      If my patch for the new context parameter looks good to the Mojarra team, I can apply it to our Mojarra fork and submit a PR against WildFly with these changes.
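The behaviour this issue describes, shown as an added example (not code from WildFly, Mojarra, or the issue author): a SAXParserFactory with the Xerces `disallow-doctype-decl` feature enabled rejects a page that carries a DOCTYPE, and a boolean switch restores parsing while still refusing to load the external DTD or resolve external entities. The class name, helper names and sample page are constructed for illustration, and the code assumes the JDK's built-in Xerces-derived parser or Apache Xerces on the classpath.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class DoctypeToggleDemo {
    // Xerces feature URI that rejects any DOCTYPE declaration in the input.
    static final String DISALLOW_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";
    static final String EXT_GENERAL = "http://xml.org/sax/features/external-general-entities";
    static final String EXT_PARAM = "http://xml.org/sax/features/external-parameter-entities";
    static final String LOAD_EXT_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";

    // Constructed sample: a minimal Facelets-style .xhtml page with a DOCTYPE.
    static final String PAGE =
        "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" "
        + "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
        + "<html xmlns=\"http://www.w3.org/1999/xhtml\"><body>hello</body></html>";

    /** Hypothetical helper: configures a factory the way a disallowDoctypeDecl switch could. */
    static SAXParserFactory newFactory(boolean disallowDoctypeDecl) throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature(DISALLOW_DOCTYPE, disallowDoctypeDecl);
        // Even when DOCTYPE is allowed, never fetch the DTD or resolve external entities.
        f.setFeature(EXT_GENERAL, false);
        f.setFeature(EXT_PARAM, false);
        f.setFeature(LOAD_EXT_DTD, false);
        return f;
    }

    /** Returns "parsed" or the parser's rejection message for the sample page. */
    static String tryParse(boolean disallowDoctypeDecl) throws Exception {
        byte[] bytes = PAGE.getBytes(StandardCharsets.UTF_8);
        try {
            newFactory(disallowDoctypeDecl).newSAXParser()
                .parse(new ByteArrayInputStream(bytes), new DefaultHandler());
            return "parsed";
        } catch (SAXParseException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("disallowDoctypeDecl=true  -> " + tryParse(true));
        System.out.println("disallowDoctypeDecl=false -> " + tryParse(false));
    }
}
```

In a JSF deployment the rejection would surface wrapped in the ServletException described above rather than as a bare SAXParseException.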

                • Assignee: Farah Juma (fjuma)