Issue with XSLT and FOP when configuring XMLConstants.html#FEATURE_SECURE_PROCESSING

Philippe Mouawad
Hello,
I have an issue when generating PDF from Java objects using XSLFO and XSLT:
I have this code:

    // Explicitly select the Xalan implementation found on the classpath
    TransformerFactory factory = TransformerFactory.newInstance(
            "org.apache.xalan.processor.TransformerFactoryImpl",
            Thread.currentThread().getContextClassLoader());
    // Compile the XSLT stylesheet that produces the XSL-FO document
    templates = factory.newTemplates(
            new StreamSource(PdfGenerator.class.getResourceAsStream(ORDERS_XSL)));
    FOUserAgent foUserAgent = fopFactory.newFOUserAgent();
    Source src = getSourceForCommandList(commandeList);
    try {
        Fop fop = fopFactory.newFop(MimeConstants.MIME_PDF, foUserAgent, out);

        // Send the transformation output (SAX events) straight into FOP
        Result res = new SAXResult(fop.getDefaultHandler());

        templates.newTransformer().transform(src, res);
    } finally {
        out.flush();
    }

My XSLT uses the fo namespace:

    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet version="1.1"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:fo="http://www.w3.org/1999/XSL/Format">



        <xsl:template match="orders">
            <fo:root xmlns:fo="http://www.w3.org/1999/XSL/Format">
                <fo:layout-master-set>
                    <fo:simple-page-master master-name="simpleA4"
                        page-height="29.7cm" page-width="21cm" margin-top="2cm"
                        margin-bottom="1cm" margin-left="0.5cm" margin-right="0.5cm">
                        <fo:region-body />
                    </fo:simple-page-master>
                </fo:layout-master-set>
                <xsl:apply-templates select="order" />
            </fo:root>
        </xsl:template>
        ...
        </xsl:template>
    </xsl:stylesheet>


It works fine and generates a PDF from source Objects using Apache FOP and XSLT.

However, when I add this line to respect best practices regarding security:

    factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

It breaks because the fo namespace is not loaded, if my understanding is correct. I get these errors on template parsing:

    SystemId Unknown; Line #13; Column #67; "master-name" attribute is not allowed on the fo:simple-page-master element!
    SystemId Unknown; Line #13; Column #67; "page-height" attribute is not allowed on the fo:simple-page-master element!
    SystemId Unknown; Line #13; Column #67; "page-width" attribute is not allowed on the fo:simple-page-master element!
    SystemId Unknown; Line #13; Column #67; "margin-top" attribute is not allowed on the fo:simple-page-master element!


Looking into the FAQ and the user mailing list, I fail to see how we should configure TransformerFactory to allow loading of the FOP schema.
Can somebody point me to the documentation or a way?

Thanks for any help
Regards

Re: Issue with XSLT and FOP when configuring XMLConstants.html#FEATURE_SECURE_PROCESSING

Philippe Mouawad
It looks like xalan-2.7.2 was the root cause.

Excluding it from dependencies and letting the JDK embedded Transformer (com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl) do the job fixed my problem.

Regards

On Mon, Mar 25, 2019 at 5:30 PM Philippe Mouawad <[hidden email]> wrote:
--


Philippe Mouawad
Senior Performance Expert
Ubik Ingenierie
[hidden email] | ubik-ingenierie.com | 03.20.91.49.81 | 23 rue du chemin de fer, 59100, Roubaix
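
The fix described in the reply can be checked in isolation. The following is an added example, not code from the thread: it compiles a constructed, reduced version of the stylesheet with the JDK built-in TransformerFactory under secure processing and confirms the `fo:simple-page-master` attributes survive. The class name, the inline stylesheet, the use of `newDefaultInstance()` (Java 9+) and the two JAXP 1.5 `ACCESS_EXTERNAL_*` restrictions are assumptions that go beyond what the thread shows.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.Templates;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class SecureXslFoCheck {
    // Constructed stylesheet, reduced from the one quoted in the post.
    static final String XSL =
        "<xsl:stylesheet version='1.0'"
      + " xmlns:xsl='http://www.w3.org/1999/XSL/Transform'"
      + " xmlns:fo='http://www.w3.org/1999/XSL/Format'>"
      + "<xsl:template match='orders'>"
      + "<fo:root><fo:layout-master-set>"
      + "<fo:simple-page-master master-name='simpleA4'"
      + " page-height='29.7cm' page-width='21cm'>"
      + "<fo:region-body/></fo:simple-page-master>"
      + "</fo:layout-master-set></fo:root>"
      + "</xsl:template></xsl:stylesheet>";

    static String transform(TransformerFactory factory) throws Exception {
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Added hardening (assumption, not in the thread): an empty value
        // means no protocol may be used to fetch external DTDs/stylesheets.
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");

        Templates templates =
            factory.newTemplates(new StreamSource(new StringReader(XSL)));
        StringWriter out = new StringWriter();
        templates.newTransformer().transform(
            new StreamSource(new StringReader("<orders/>")),
            new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // newDefaultInstance() returns the JDK built-in implementation and
        // ignores any TransformerFactory provider found on the classpath.
        TransformerFactory factory = TransformerFactory.newDefaultInstance();
        System.out.println("factory: " + factory.getClass().getName());

        String fo = transform(factory);
        if (!fo.contains("master-name=\"simpleA4\"")) {
            throw new IllegalStateException("FO attributes were dropped: " + fo);
        }
        System.out.println(fo);
    }
}
```

Printing the factory class name is a quick way to see which implementation a build actually resolves, since a transitive Xalan dependency can replace the JDK one when `TransformerFactory.newInstance()` is used.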