Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-6545

Add an attribute to the JSF subsystem to specify whether or not DOCTYPE declarations in JSF deployments should be disallowed

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Major
    • 12.0.0.Beta1, 12.0.0.Final
    • 10.0.0.Final
    • JSF
    • None

    Description

      When JAXP secure processing features are added to Xerces (i.e., once Ron Sigal's Xerces PR is merged), WildFly will be using a SAXParserFactory implementation that disallows DOCTYPE declarations by default. This will cause a ServletException to occur when accessing any JSF .xhtml page that includes a DOCTYPE declaration. We should give users the option to override this default behaviour and allow DOCTYPE declarations for JSF apps, if desired. We can accomplish this as follows:

      1) Add a "com.sun.faces.disallowDoctypeDecl" context parameter to Mojarra to explicitly specify whether or not DOCTYPE declarations should be allowed.

      • I've created JAVASERVERFACES-4130 to track this and I've submitted a patch upstream to the Mojarra team.

      2) Add a disallow-doctype-decl attribute to the JSF subsystem to specify the default value of the "com.sun.faces.disallowDoctypeDecl" context parameter for JSF apps.

      If my patch for the new context parameter looks good to the Mojarra team, I can apply it to our Mojarra fork and submit a PR against WildFly with these changes.

      Attachments

        Issue Links

          is cloned by

          Requirement - Used for conducting internal reviews of our products and process with 3rd party auditors JBEAP-7125 Add an attribute to the JSF subsystem to specify whether or not DOCTYPE declarations in JSF deployments should be disallowed

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Requirement - Used for conducting internal reviews of our products and process with 3rd party auditors JBEAP-7722 Add an attribute to the JSF subsystem to specify whether or not DOCTYPE declarations in JSF deployments should be disallowed

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFLY-6874 Upgrade jsf-impl to 2.2.13.SP2

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is blocked by

          JAVASERVERFACES-4130 Loading...

          Activity

            People

              fjuma1@redhat.com Farah Juma
              fjuma1@redhat.com Farah Juma
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: