Commit

Permalink
Fix for issue586. Limits number of entities and nodes to default values (100000 and 3000 respectively). There's a difference between Xerces and libxml2 on entity reference processing. Xerces processes the reference while libxml2 simply ignores the reference. I couldn't figure out how to control that. It should be considered at some point.
yokolet committed Dec 21, 2011

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 66d0576 commit 3ace9dc
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions ext/java/nokogiri/internals/XmlDomParserContext.java
@@ -73,6 +73,7 @@ public class XmlDomParserContext extends ParserContext {
"http://apache.org/xml/features/dom/include-ignorable-whitespace";
protected static final String FEATURE_VALIDATION = "http://xml.org/sax/features/validation";
private static final String XINCLUDE_FEATURE_ID = "http://apache.org/xml/features/xinclude";
private static final String SECURITY_MANAGER = "http://apache.org/xml/properties/security-manager";

protected ParserContext.Options options;
protected DOMParser parser;
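Review bot: The new constant SECURITY_MANAGER does not say what kind of identifier it holds, while the constants next to it do (FEATURE_VALIDATION, XINCLUDE_FEATURE_ID). Its value sits under /xml/properties/ rather than /xml/features/ and it is passed to setProperty, so a name such as SECURITY_MANAGER_PROPERTY_ID would make it harder to hand it to setFeature by mistake.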
@@ -110,6 +111,9 @@ protected void initParser(Ruby runtime) {
parser = new XmlDomParser(options);
parser.setErrorHandler(errorHandler);

// Fix for Issue#586. This limits entity expansion up to 100000 and nodes up to 3000.
setProperty(SECURITY_MANAGER, new org.apache.xerces.util.SecurityManager());

if (options.noBlanks) {
setFeature(FEATURE_INCLUDE_IGNORABLE_WHITESPACE, false);
}
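Review bot: The comment above the setProperty call promises limits of 100000 and 3000, but nothing in this hunk sets them; they are whatever the no-argument SecurityManager constructor defaults to, so the comment goes stale if the bundled Xerces ever changes those defaults. Either set the limits explicitly on the instance before passing it in (SecurityManager has setEntityExpansionLimit and setMaxOccurNodeLimit) or reword the comment to say "Xerces default limits". The commit also touches only this one file, so there is no regression test for Issue#586; a spec that parses a document with nested entity definitions and asserts that expansion stops at the limit would pin the behaviour, and would also document the Xerces versus libxml2 difference the commit message mentions.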
