The Java XML API and JDK provide two levels of control for accessing external resources: fine-grained control through resolvers, catalogs and the JDK built-in catalog, and broad restrictions via [External Access Properties](https://docs.oracle.com/en/java/javase/23/docs/api/java.xml/javax/xml/XMLConstants.html#EAP) and the built-in catalog's RESOLVE property.
An intermediate level of control that allows applications to selectively permit a subset of network activities, such as access to a trusted domain or local/file resources is desirable.
An intermediate level of control that allows applications to selectively permit a subset of network activities, such as access to a trusted domain or local/file resources is desirable.
- csr for
-
JDK-8352095 Add an allowlist for accessing XML external resources
-
- Draft
-