xpath_query.sl should have ability to override security options

[ferrisb]

I currently have an issue with the ability to perform an XPATH query (xpath_query.sl) due to the security limitations with "http://apache.org/xml/features/disallow-doctype-decl" set to true.

As a workaround I convert it to JSON and override using the parsing feature.

              - parsing_features: |
                      http://apache.org/xml/features/disallow-doctype-decl false

Can the parsing feature be added to the xpath_query.sl and allow the developer to override the security if needed?

[tethryus]

Hello @ferrisb, have you tried running the operation with secure_processing: false?

[ferrisb]

Yes - I tried that, I received the same message about "http://apache.org/xml/features/disallow-doctype-decl" being set to true.

[tethryus]

Will look into it and provide a fix as soon as possible. Thanks for catching that up.

[tethryus]

Hello @ferrisb, I have found the fix needed in order to make the operation work. I will commit the changes and I will let you know as soon as it will be available on the content repository.

Edit: I have a follow up question. Are you getting the xml from a file or a string? I would like to make sure that the fix will work for the use case that you need.