Tech Tip: 4D v15.4 Hotfix 3 XML Parser Security Enhancement
PRODUCT: 4D | VERSION: 15.x | PLATFORM: Mac & Win
Published On: July 13, 2017
New security enhancment features have been implemented in v15.4 HF3. This enhancment will cause a behavior change with the DOM and SAX XML parser. This change will not be in the documentation until v15.5.
The execution of external file references used in XML Entities will be disabled by default to enable this function run the following command:
XML SET OPTIONS("";XML external entity resolution;XML enabled) |
Also for better XML compliance, many XML commands are now case sensitive and more strict, the following command can be used to disable case sensitivity:
XML SET OPTIONS("";XML external entity resolution;XML enabled) |
As stated these two new selectors are not yet documented in the v15.4 documentation but will be in the v15.5 documentation.