Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-6545

Add an attribute to the JSF subsystem to specify whether or not DOCTYPE declarations in JSF deployments should be disallowed

    Details

      Description

      When JAXP secure processing features are added to Xerces (i.e., once Ron Sigal's Xerces PR is merged), WildFly will be using a SAXParserFactory implementation that disallows DOCTYPE declarations by default. This will cause a ServletException to occur when accessing any JSF .xhtml page that includes a DOCTYPE declaration. We should give users the option to override this default behaviour and allow DOCTYPE declarations for JSF apps, if desired. We can accomplish this as follows:

      1) Add a "com.sun.faces.disallowDoctypeDecl" context parameter to Mojarra to explicitly specify whether or not DOCTYPE declarations should be allowed.

      • I've created JAVASERVERFACES-4130 to track this and I've submitted a patch upstream to the Mojarra team.

      2) Add a disallow-doctype-decl attribute to the JSF subsystem to specify the default value of the "com.sun.faces.disallowDoctypeDecl" context parameter for JSF apps.

      If my patch for the new context parameter looks good to the Mojarra team, I can apply it to our Mojarra fork and submit a PR against WildFly with these changes.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  fjuma Farah Juma
                  Reporter:
                  fjuma Farah Juma
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: