just bumping this up, these per use overrides are available in 5.4.3.2
TryCF is now running 5.4.3.2, however, support for overriding xmlFeatures
has been disabled via lucee.xmlfeatures.override.disable=true
so isXml()
will still return false, xmlParse with throw an error
<cfscript>
//trycf has lucee.xmlfeatures.override.disable=true set
str= '<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN" "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
<hibernate-mapping></hibernate-mapping>';
dump(isXml(str)); // only returns boolean
dump(isXml(str, {
"secure": true,
"disallowDoctypeDecl": true,
"externalGeneralEntities": false
})); // xmlfeatures override ignored
flush;
try {
dump( xmlParse( str, false, {
"secure": true,
"disallowDoctypeDecl": true,
"externalGeneralEntities": false
})); // xmlfeatures override ignored
} catch(e){
echo(e);
}
</cfscript>