diff --git a/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReader.java b/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReader.java
index 5b776f14..951b4dd6 100755
--- a/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReader.java
+++ b/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReader.java
@@ -79,8 +79,12 @@ import java.util.Map;
* @see batik-dev
*/
public class SVGImageReader extends ImageReaderBase {
+
+ static String ALLOW_EXTERNAL_RESOURCES_SYSTEM_PROP = "com.twelvemonkeys.imageio.plugins.svg.allowexternalresources";
+
private Rasterizer rasterizer;
- private boolean allowExternalResources;
+ private boolean allowExternalResources =
+ "true".equalsIgnoreCase(System.getProperty(ALLOW_EXTERNAL_RESOURCES_SYSTEM_PROP));
/**
* Creates an {@code SVGImageReader}.
@@ -89,7 +93,6 @@ public class SVGImageReader extends ImageReaderBase {
*/
public SVGImageReader(final ImageReaderSpi pProvider) {
super(pProvider);
- allowExternalResources = true;
}
protected void resetMembers() {
@@ -119,7 +122,7 @@ public class SVGImageReader extends ImageReaderBase {
SVGReadParam svgParam = (SVGReadParam) pParam;
// set the external-resource-resolution preference
- allowExternalResources = svgParam.shouldAllowExternalResources();
+ allowExternalResources = svgParam.isAllowExternalResources();
// Get the base URI
// This must be done before converting the params to hints
diff --git a/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGReadParam.java b/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGReadParam.java
index 12ec7899..78bbba71 100755
--- a/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGReadParam.java
+++ b/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGReadParam.java
@@ -41,11 +41,11 @@ import java.awt.*;
public class SVGReadParam extends ImageReadParam {
private Paint background;
private String baseURI;
- private boolean allowExternalResources;
+ private boolean allowExternalResources = false;
+ private boolean isAllowExternalResourcesSetExplicitly = false;
public SVGReadParam() {
super();
- allowExternalResources = true;
}
public Paint getBackgroundColor() {
@@ -64,12 +64,18 @@ public class SVGReadParam extends ImageReadParam {
baseURI = pBaseURI;
}
- public void allowExternalResources(boolean bAllow) {
- allowExternalResources = bAllow;
+ public void setAllowExternalResources(boolean allow) {
+ allowExternalResources = allow;
+ isAllowExternalResourcesSetExplicitly = true;
}
- public boolean shouldAllowExternalResources() {
- return allowExternalResources;
+ public boolean isAllowExternalResources() {
+ if (isAllowExternalResourcesSetExplicitly) {
+ return allowExternalResources;
+ } else {
+ // prefer the explicitly set value if invoked, read the system prop as a fallback if it wasn't
+ return "true".equals(System.getProperty(SVGImageReader.ALLOW_EXTERNAL_RESOURCES_SYSTEM_PROP));
+ }
}
@Override
diff --git a/imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderTest.java b/imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderTest.java
index 9a2c8863..7785492a 100755
--- a/imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderTest.java
+++ b/imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderTest.java
@@ -228,6 +228,7 @@ public class SVGImageReaderTest extends ImageReaderAbstractTest
reader.addIIOReadWarningListener(listener);
SVGReadParam param = reader.getDefaultReadParam();
+ param.setAllowExternalResources(true);
param.setBaseURI(resource.toURI().toASCIIString());
BufferedImage image = reader.read(0, param);
@@ -244,71 +245,82 @@ public class SVGImageReaderTest extends ImageReaderAbstractTest
}
@Test
- public void testEmbeddedBeforeBaseURI() throws URISyntaxException, IOException {
+ public void testEmbeddedBeforeBaseURI_withSystemProperty() throws URISyntaxException, IOException {
// Asking for metadata, width, height etc, before attempting to read using a param,
// will cause the document to be parsed without a base URI.
// This will work, but may not use the CSS...
+ // since the param is not available before the read operation is invoked,
+ // this test-case MUST use the system-property for backwards compatibility
URL resource = getClassLoaderResource("/svg/barChart.svg");
- SVGImageReader reader = createReader();
+ try {
+ System.setProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources", "true");
+ SVGImageReader reader = createReader();
- TestData data = new TestData(resource, (Dimension) null);
- try (ImageInputStream stream = data.getInputStream()) {
- reader.setInput(stream);
+ TestData data = new TestData(resource, (Dimension) null);
+ try (ImageInputStream stream = data.getInputStream()) {
+ reader.setInput(stream);
- IIOReadWarningListener listener = mock(IIOReadWarningListener.class);
- reader.addIIOReadWarningListener(listener);
+ IIOReadWarningListener listener = mock(IIOReadWarningListener.class);
+ reader.addIIOReadWarningListener(listener);
- assertEquals(450, reader.getWidth(0));
- assertEquals(500, reader.getHeight(0));
+ assertEquals(450, reader.getWidth(0));
+ assertEquals(500, reader.getHeight(0));
- // Expect the warning about the missing CSS
- verify(listener, atMost(1)).warningOccurred(any(ImageReader.class), anyString());
- reset(listener);
+ // Expect the warning about the missing CSS
+ verify(listener, atMost(1)).warningOccurred(any(ImageReader.class), anyString());
+ reset(listener);
- SVGReadParam param = reader.getDefaultReadParam();
- param.setBaseURI(resource.toURI().toASCIIString());
- BufferedImage image = reader.read(0, param);
+ SVGReadParam param = reader.getDefaultReadParam();
+ param.setBaseURI(resource.toURI().toASCIIString());
+ BufferedImage image = reader.read(0, param);
- assertNotNull(image);
- assertEquals(450, image.getWidth());
- assertEquals(500, image.getHeight());
+ assertNotNull(image);
+ assertEquals(450, image.getWidth());
+ assertEquals(500, image.getHeight());
- // No more warnings now that the base URI is set
- verifyZeroInteractions(listener);
- }
- finally {
- reader.dispose();
+ // No more warnings now that the base URI is set
+ verifyZeroInteractions(listener);
+ }
+ finally {
+ reader.dispose();
+ }
+ } finally {
+ System.clearProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources");
}
}
@Test
- public void testEmbeddedNoBaseURI() throws IOException {
+ public void testEmbeddedNoBaseURI_withSystemProperty() throws IOException {
// With no base URI, we will throw an exception, about the missing embedded resource
URL resource = getClassLoaderResource("/svg/barChart.svg");
- SVGImageReader reader = createReader();
+ try {
+ System.setProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources", "true");
- TestData data = new TestData(resource, (Dimension) null);
- try (ImageInputStream stream = data.getInputStream()) {
- reader.setInput(stream);
+ SVGImageReader reader = createReader();
- BufferedImage image = reader.read(0);
+ TestData data = new TestData(resource, (Dimension) null);
+ try (ImageInputStream stream = data.getInputStream()) {
+ reader.setInput(stream);
- assertNotNull(image);
- assertEquals(450, image.getWidth());
- assertEquals(500, image.getHeight());
- }
- catch (IIOException allowed) {
- assertTrue(allowed.getMessage().contains("batikLogo.svg")); // The embedded resource we don't find
- }
- finally {
- reader.dispose();
+ reader.read(0);
+
+ assertTrue("reader.read should've thrown an exception, but didn't", false);
+ }
+ catch (IIOException allowed) {
+ assertTrue(allowed.getMessage().contains("batikLogo.svg")); // The embedded resource we don't find
+ }
+ finally {
+ reader.dispose();
+ }
+ } finally {
+ System.clearProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources");
}
}
@Test(expected = SecurityException.class)
- public void testDisallowedExternalResources() throws URISyntaxException, IOException {
+ public void testDefaultDisallowedExternalResources() throws URISyntaxException, IOException {
URL resource = getClassLoaderResource("/svg/barChart.svg");
SVGImageReader reader = createReader();
@@ -319,7 +331,6 @@ public class SVGImageReaderTest extends ImageReaderAbstractTest
SVGReadParam param = reader.getDefaultReadParam();
param.setBaseURI(resource.toURI().toASCIIString());
- param.allowExternalResources(false);
// `reader.read` for `/svg/barChart.svg` should raise
// a SecurityException when External Resources are blocked
reader.read(0, param);
@@ -328,4 +339,32 @@ public class SVGImageReaderTest extends ImageReaderAbstractTest
reader.dispose();
}
}
+
+ @Test(expected = SecurityException.class)
+ public void testDisallowedExternalResources_withSystemProperty() throws URISyntaxException, IOException {
+ URL resource = getClassLoaderResource("/svg/barChart.svg");
+ try {
+ System.setProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources", "true");
+ SVGImageReader reader = createReader();
+
+ TestData data = new TestData(resource, (Dimension) null);
+ try (ImageInputStream stream = data.getInputStream()) {
+ reader.setInput(stream);
+
+ SVGReadParam param = reader.getDefaultReadParam();
+ param.setBaseURI(resource.toURI().toASCIIString());
+ param.setAllowExternalResources(false);
+ // even when the system-property is set to true,
+ // `reader.read` for `/svg/barChart.svg` should raise
+ // a SecurityException when External Resources are blocked
+ // because the API invocation gets preference
+ reader.read(0, param);
+ }
+ finally {
+ reader.dispose();
+ }
+ } finally {
+ System.clearProperty("com.twelvemonkeys.imageio.plugins.svg.allowexternalresources");
+ }
+ }
}