JAR File's config.xml"
m (correct highlight (via JWB)) |
|||
Line 4: | Line 4: | ||
By use of <code>config.xml</code>, a JAR file could change the default configuration without a user's notice, such as adding a desktop listener, setting a library property, and so on. For more information, please refer to [[ZK Developer's Reference/Customization/Packing Code|ZK Developer's Reference: Packing Code]]. | By use of <code>config.xml</code>, a JAR file could change the default configuration without a user's notice, such as adding a desktop listener, setting a library property, and so on. For more information, please refer to [[ZK Developer's Reference/Customization/Packing Code|ZK Developer's Reference: Packing Code]]. | ||
+ | |||
+ | {{DoctypeDisallowed}} | ||
{{ZKConfigurationReferenceHeadingToc}} | {{ZKConfigurationReferenceHeadingToc}} | ||
{{ZKConfigurationReferencePageFooter}} | {{ZKConfigurationReferencePageFooter}} |
Latest revision as of 04:02, 19 January 2024
A JAR file could contain a configuration file that will override the default configuration of a ZK application. The file must be named as config.xml
and placed under the /metainfo/zk
directory. Of course, the configuration specified in WEB-INF/zk.xml
has higher priority. It will override the configuration specified in /metainfo/zk/config.xml
.
By use of config.xml
, a JAR file could change the default configuration without a user's notice, such as adding a desktop listener, setting a library property, and so on. For more information, please refer to ZK Developer's Reference: Packing Code.
DOCTYPE restriction
Since 10.0.0
Starting from ZK 10, the xml parser used by ZK declares disallow-doctype-decl
to true.
This prevents the use of DOCTYPE declaration in xml files, such as zk.xml, lang-addon.xml, config. xml, etc.
This is a security measure to prevent XXE attacks using <!DOCTYPE ...>
as vector.