Merge pull request #1394 from robmarzialetti/patch-12

Update page.md
lucee · Jul 21, 2023 · f9dad42 · f9dad42
2 parents ddfbfca + efe973f
commit f9dad42
Showing 1 changed file with 12 additions and 8 deletions.
diff --git a/docs/04.guides/04.cookbooks/01.application-context-basic/page.md b/docs/04.guides/04.cookbooks/01.application-context-basic/page.md
@@ -293,7 +293,6 @@ component displayname="Application" output="false" hint="Handle the application"
  // this.sessionManagement = true;
  
  
- 
  ////////////////////////////////////////////////////////////////
  // SESSION TIMEOUT
  // Sets the amount of time Lucee will keep the session scope alive. 
@@ -313,7 +312,6 @@ component displayname="Application" output="false" hint="Handle the application"
  // this.sessionStorage = "memory"; 
 
 
-
  ////////////////////////////////////////////////////////////////
  // CLIENT MANAGEMENT
  // Enables/disables client management
@@ -370,7 +368,6 @@ component displayname="Application" output="false" hint="Handle the application"
  // this.localMode = "classic"; 
 
 
-
  ////////////////////////////////////////////////////////////////
  // CASCADING 
  // Depending on this setting Lucee scans certain scopes to find a 
@@ -383,7 +380,6 @@ component displayname="Application" output="false" hint="Handle the application"
  // this.scopeCascading = "standard";
 
 
-
  ////////////////////////////////////////////////////////////////
  // SEARCH RESULTSETS 
  // When a variable has no scope defined (Example: #myVar# instead of #variables.myVar#), 
@@ -392,7 +388,6 @@ component displayname="Application" output="false" hint="Handle the application"
  // this.searchResults = true;
  
 
-
  ////////////////////////////////////////////////////////////////
  // REQUEST: TIMEOUT
  // Sets the amount of time the engine will wait
@@ -403,7 +398,6 @@ component displayname="Application" output="false" hint="Handle the application"
  ////////////////////////////////////////////////////////////////
  // this.requestTimeout=createTimeSpan(0,0,0,50); 
  
- 
  
  ////////////////////////////////////////////////////////////////
  // COMPRESSION 
@@ -413,7 +407,6 @@ component displayname="Application" output="false" hint="Handle the application"
  // this.compression = false;
 
 
-
  ////////////////////////////////////////////////////////////////
  // SUPPRESS CONTENT FOR CFC REMOTING 
  // Suppress content written to response stream when a 
@@ -422,7 +415,6 @@ component displayname="Application" output="false" hint="Handle the application"
  // this.suppressRemoteComponentContent = false;
  
 
- 
  ////////////////////////////////////////////////////////////////
  // BUFFER TAG BODY OUTPUT 
  // If true - the output written to the body of the tag is 
@@ -472,6 +464,18 @@ component displayname="Application" output="false" hint="Handle the application"
  // this.invokeImplicitAccessor = false;
 
 
+ ////////////////////////////////////////////////////////////////
+ // ANTI-XXE CONFIGURATION
+ // XML External Entity attack is a type of attack against
+ // an application that parses XML input. This configuration enable/disable
+ // protection by XXE attack. It's enabled by default from 5.4.2 and 6.0.
+ // https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
+ ////////////////////////////////////////////////////////////////
+ // this.xmlFeatures = {
+ // externalGeneralEntities: false,
+ // secure: true,
+ // disallowDoctypeDecl: false
+ // };
 
  ////////////////////////////////////////////////////////////////
  // MAIL SERVERS