diff --git a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
index d841a15d6d05a..43d39a4af79fd 100644
--- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
+++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
@@ -974,6 +974,12 @@ public Transformer createTransformer() throws TransformerConfigurationException
public TransformerFactory createTransformerFactory() {
TransformerFactory factory = TransformerFactory.newInstance();
+ // Enable the Security feature by default
+ try {
+ factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (TransformerConfigurationException e) {
+ LOG.warn("TransformerFactory doesn't support the feature {} with value {}, due to {}.", new Object[]{javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, "true", e});
+ }
factory.setErrorListener(new XmlErrorListener());
return factory;
}
diff --git a/camel-core/src/test/java/org/apache/camel/component/xslt/XsltFeatureRouteTest.java b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltFeatureRouteTest.java
new file mode 100644
index 0000000000000..04564448d3023
--- /dev/null
+++ b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltFeatureRouteTest.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.xslt;
+
+import javax.xml.transform.TransformerException;
+
+import org.apache.camel.CamelExecutionException;
+import org.apache.camel.ContextTestSupport;
+import org.apache.camel.builder.RouteBuilder;
+
+public class XsltFeatureRouteTest extends ContextTestSupport {
+
+ public void testSendMessage() throws Exception {
+ String message = "";
+ sendXmlMessage("direct:start1", message);
+ sendXmlMessage("direct:start2", message);
+ }
+
+ public void sendXmlMessage(String uri, String message) {
+ try {
+ template.sendBody("direct:start1", message);
+ fail("expect an exception here");
+ } catch (Exception ex) {
+ // expect an exception here
+ assertTrue("Get a wrong exception", ex instanceof CamelExecutionException);
+ assertTrue("Get a wrong exception cause", ex.getCause() instanceof TransformerException);
+ }
+
+ }
+
+
+ @Override
+ protected RouteBuilder createRouteBuilder() throws Exception {
+ return new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from("direct:start1")
+ .to("xslt:org/apache/camel/component/xslt/transform_text_imported.xsl")
+ .to("mock:result");
+
+ from("direct:start2")
+ .to("xslt:org/apache/camel/component/xslt/transform_text.xsl")
+ .to("mock:result");
+ }
+ };
+ }
+
+}
diff --git a/camel-core/src/test/java/org/apache/camel/component/xslt/XsltRouteTest.java b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltRouteTest.java
index df6c4cc80fcc8..9d1e5d96d8d4f 100644
--- a/camel-core/src/test/java/org/apache/camel/component/xslt/XsltRouteTest.java
+++ b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltRouteTest.java
@@ -22,9 +22,11 @@
import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.mock.MockEndpoint;
+import org.apache.camel.converter.jaxp.XmlConverter;
import org.apache.camel.impl.JndiRegistry;
public class XsltRouteTest extends ContextTestSupport {
+
public void testSendStringMessage() throws Exception {
sendMessageAndHaveItTransformed("HeyHello world!");
}
@@ -32,6 +34,24 @@ public void testSendStringMessage() throws Exception {
public void testSendBytesMessage() throws Exception {
sendMessageAndHaveItTransformed("HeyHello world!".getBytes());
}
+
+ public void testSendEntityMessage() throws Exception {
+
+ MockEndpoint endpoint = getMockEndpoint("mock:result");
+ endpoint.expectedMessageCount(1);
+ //String message = "]>&xxe;";
+
+ String message = "";
+ template.sendBody("direct:start2", message);
+
+ assertMockEndpointsSatisfied();
+
+ List list = endpoint.getReceivedExchanges();
+ Exchange exchange = list.get(0);
+ String xml = exchange.getIn().getBody(String.class);
+
+ System.out.println(xml);
+ }
private void sendMessageAndHaveItTransformed(Object body) throws Exception {
MockEndpoint endpoint = getMockEndpoint("mock:result");
@@ -44,7 +64,8 @@ private void sendMessageAndHaveItTransformed(Object body) throws Exception {
List list = endpoint.getReceivedExchanges();
Exchange exchange = list.get(0);
String xml = exchange.getIn().getBody(String.class);
-
+ System.out.println(xml);
+
assertNotNull("The transformed XML should not be null", xml);
assertTrue(xml.indexOf("transformed") > -1);
// the cheese tag is in the transform.xsl
@@ -62,11 +83,16 @@ protected RouteBuilder createRouteBuilder() throws Exception {
return new RouteBuilder() {
@Override
public void configure() throws Exception {
+
from("direct:start")
.to("xslt:org/apache/camel/component/xslt/transform.xsl")
.multicast()
.beanRef("testBean")
.to("mock:result");
+
+ from("direct:start2")
+ .to("xslt:org/apache/camel/component/xslt/transform_text_imported.xsl")
+ .to("mock:result");
}
};
}
diff --git a/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl b/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
new file mode 100644
index 0000000000000..6c38e4a418430
--- /dev/null
+++ b/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
@@ -0,0 +1,31 @@
+
+
+
+
+
+
+
+
+ Process:
+
+
\ No newline at end of file
diff --git a/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl b/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
new file mode 100644
index 0000000000000..8954b0a514b81
--- /dev/null
+++ b/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
@@ -0,0 +1,25 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltFeatureRouteTest.java b/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltFeatureRouteTest.java
new file mode 100644
index 0000000000000..12b438c18ae1f
--- /dev/null
+++ b/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltFeatureRouteTest.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.xslt;
+
+import javax.xml.transform.TransformerException;
+
+import org.apache.camel.CamelExecutionException;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.test.junit4.CamelTestSupport;
+import org.junit.Test;
+
+public class SaxonXsltFeatureRouteTest extends CamelTestSupport {
+
+ @Test
+ public void testSendMessage() throws Exception {
+ String message = "";
+ sendXmlMessage("direct:start1", message);
+ sendXmlMessage("direct:start2", message);
+ }
+
+ public void sendXmlMessage(String uri, String message) {
+ try {
+ template.sendBody("direct:start1", message);
+ fail("expect an exception here");
+ } catch (Exception ex) {
+ // expect an exception here
+ assertTrue("Get a wrong exception", ex instanceof CamelExecutionException);
+ assertTrue("Get a wrong exception cause", ex.getCause() instanceof TransformerException);
+ }
+
+ }
+
+
+ @Override
+ protected RouteBuilder createRouteBuilder() throws Exception {
+ return new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from("direct:start1")
+ .to("xslt:org/apache/camel/component/xslt/transform_text_imported.xsl")
+ .to("mock:result");
+
+ from("direct:start2")
+ .to("xslt:org/apache/camel/component/xslt/transform_text.xsl")
+ .to("mock:result");
+ }
+ };
+ }
+
+
+
+}
diff --git a/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl b/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
new file mode 100644
index 0000000000000..6c38e4a418430
--- /dev/null
+++ b/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
@@ -0,0 +1,31 @@
+
+
+
+
+
+
+
+
+ Process:
+
+
\ No newline at end of file
diff --git a/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl b/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
new file mode 100644
index 0000000000000..e7ae4b051dac2
--- /dev/null
+++ b/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
@@ -0,0 +1,25 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file