sandbox security and XmlTransform function

[thewolf]

Hi,

I am running ColdFusion MX 6.1 Enterprise Edition U1 (Server Configuration) on
Red Hat Enterprise Linux 3 U4.

It looks like there is a bug with the XmlTransform function with sandbox
security.

Basically, when I enable sandbox security for a web site, the XmlTransform
function will throw the following error:

org.apache.xalan.serialize.SerializerToXML

Stack Trace at
cfprecis2ecfm587584946.runPage(/home/httpd/vhosts/mydomain.com/httpdocs/test.cfm
:12)
java.lang.NoClassDefFoundError: org.apache.xalan.serialize.SerializerToXML at
java.lang.Class.forName0(Native Method) at
java.lang.Class.forName(Class.java:141) at
org.apache.xalan.serialize.SerializerFactory.getSe rializer(SerializerFactory.jav
a:131) at
org.apache.xalan.transformer.TransformerImpl.creat eResultContentHandler(Transfor
merImpl.java:1048) at
org.apache.xalan.transformer.TransformerImpl.creat eResultContentHandler(Transfor
merImpl.java:975) at
org.apache.xalan.transformer.TransformerImpl.trans form(TransformerImpl.java:1124
) at
org.apache.xalan.transformer.TransformerImpl.trans form(TransformerImpl.java:1107
) at coldfusion.xml.XmlProcessor.doTransform(XmlProcess or.java:134) at
coldfusion.xml.XmlProcessor.access$000(XmlProcesso r.java:42) at
coldfusion.xml.XmlProcessor$1.run(XmlProcessor.jav a:117) at
java.security.AccessController.doPrivileged(Native Method) at
coldfusion.xml.XmlProcessor.transform(XmlProcessor .java:113) at
coldfusion.xml.XmlProcessor.transform(XmlProcessor .java:103) at
coldfusion.runtime.CFPage.XmlTransform(CFPage.java :172) at
cfprecis2ecfm587584946.runPage(/home/httpd/vhosts/mydomain.com/httpdocs/test.cfm
:12) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java :147) at
coldfusion.tagext.lang.IncludeTag.doStartTag(Inclu deTag.java:357) at
coldfusion.filter.CfincludeFilter.invoke(Cfinclude Filter.java:62) at
coldfusion.filter.ApplicationFilter.invoke(Applica tionFilter.java:107) at
coldfusion.filter.RequestMonitorFilter.invoke(Requ estMonitorFilter.java:48) at
coldfusion.filter.PathFilter.invoke(PathFilter.jav a:80) at
coldfusion.filter.ExceptionFilter.invoke(Exception Filter.java:47) at
coldfusion.filter.ClientScopePersistenceFilter.inv oke(ClientScopePersistenceFilt
er.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilt er.java:35) at
coldfusion.filter.GlobalsFilter.invoke(GlobalsFilt er.java:43) at
coldfusion.filter.DatasourceFilter.invoke(Datasour ceFilter.java:22) at
coldfusion.CfmServlet.service(CfmServlet.java:105) at
jrun.servlet.ServletInvoker.invoke(ServletInvoker. java:91) at
jrun.servlet.JRunInvokerChain.invokeNext(JRunInvok erChain.java:42) at
jrun.servlet.JRunRequestDispatcher.invoke(JRunRequ estDispatcher.java:249) at
jrun.servlet.ServletEngineService.dispatch(Servlet EngineService.java:527) at
jrun.servlet.jrpp.JRunProxyService.invokeRunnable( JRunProxyService.java:192) at
jrunx.scheduler.ThreadPool$DownstreamMetrics.invok eRunnable(ThreadPool.java:348)
at
jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRu nnable(ThreadPool.java:451)
at
jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeR unnable(ThreadPool.java:294)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java :66)


When I disabled sandbox security, the function works fine.

I hit a similar problem with the ToString function and wrote a custom CF
function to replace it, basically a wrapper to the Java functions.

Is there any fix for the XmlTransform function bug?

Does anyone have a custom CF function (that works fine with sandbox security)
to replace it?

Thanks.