diff --git a/lib/rexml/attribute.rb b/lib/rexml/attribute.rb index 11893a95..358eefb1 100644 --- a/lib/rexml/attribute.rb +++ b/lib/rexml/attribute.rb @@ -148,8 +148,12 @@ def to_s # have been expanded to their values def value return @unnormalized if @unnormalized - @unnormalized = Text::unnormalize( @normalized, doctype ) - @unnormalized + + entity_expansion_text_limit = + @element&.document&.entity_expansion_text_limit || + Security.entity_expansion_text_limit + @unnormalized = Text::unnormalize(@normalized, doctype, + entity_expansion_text_limit: entity_expansion_text_limit) end # The normalized value of this attribute. That is, the attribute with diff --git a/lib/rexml/document.rb b/lib/rexml/document.rb index e98fe43b..d1747dd4 100644 --- a/lib/rexml/document.rb +++ b/lib/rexml/document.rb @@ -92,6 +92,7 @@ class Document < Element def initialize( source = nil, context = {} ) @entity_expansion_count = 0 @entity_expansion_limit = Security.entity_expansion_limit + @entity_expansion_text_limit = Security.entity_expansion_text_limit super() @context = context return if source.nil? @@ -433,6 +434,7 @@ def Document::entity_expansion_text_limit attr_reader :entity_expansion_count attr_writer :entity_expansion_limit + attr_accessor :entity_expansion_text_limit def record_entity_expansion @entity_expansion_count += 1 diff --git a/lib/rexml/entity.rb b/lib/rexml/entity.rb index 12bbad3f..50cd09bc 100644 --- a/lib/rexml/entity.rb +++ b/lib/rexml/entity.rb @@ -71,9 +71,14 @@ def Entity::matches? string # Evaluates to the unnormalized value of this entity; that is, replacing # &ent; entities. def unnormalized - document.record_entity_expansion unless document.nil? + document&.record_entity_expansion + return nil if @value.nil? - @unnormalized = Text::unnormalize(@value, parent) + + entity_expansion_text_limit = + document&.entity_expansion_text_limit || Security.entity_expansion_text_limit + @unnormalized = Text::unnormalize(@value, parent, + entity_expansion_text_limit: entity_expansion_text_limit) end #once :unnormalized diff --git a/lib/rexml/text.rb b/lib/rexml/text.rb index 7e0befe9..7f2e4b6a 100644 --- a/lib/rexml/text.rb +++ b/lib/rexml/text.rb @@ -268,7 +268,10 @@ def inspect # u = Text.new( "sean russell", false, nil, true ) # u.value #-> "sean russell" def value - @unnormalized ||= Text::unnormalize( @string, doctype ) + entity_expansion_text_limit = + document&.entity_expansion_text_limit || Security.entity_expansion_text_limit + @unnormalized ||= Text::unnormalize(@string, doctype, + entity_expansion_text_limit: entity_expansion_text_limit) end # Sets the contents of this text node. This expects the text to be @@ -411,11 +414,11 @@ def Text::normalize( input, doctype=nil, entity_filter=nil ) end # Unescapes all possible entities - def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil ) + def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil, entity_expansion_text_limit: Security.entity_expansion_text_limit ) sum = 0 string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) { s = Text.expand($&, doctype, filter) - if sum + s.bytesize > Security.entity_expansion_text_limit + if sum + s.bytesize > entity_expansion_text_limit raise "entity expansion has grown too large" else sum += s.bytesize diff --git a/test/test_document.rb b/test/test_document.rb index bac5afb7..cda4354f 100644 --- a/test/test_document.rb +++ b/test/test_document.rb @@ -31,14 +31,6 @@ def test_new end class EntityExpansionLimitTest < Test::Unit::TestCase - def setup - @default_entity_expansion_text_limit = REXML::Security.entity_expansion_text_limit - end - - def teardown - REXML::Security.entity_expansion_text_limit = @default_entity_expansion_text_limit - end - class GeneralEntityTest < self def test_have_value xml = <&a; XML - REXML::Security.entity_expansion_text_limit = 90 doc = REXML::Document.new(xml) + doc.entity_expansion_text_limit = 90 assert_equal(90, doc.root.children.first.value.bytesize) end end