author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-02-22 09:35:46 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-02-22 09:35:46 +0000 |
commit | 1ad9075734a7fd9d58920c714953ec851efcae6b (patch) | |
tree | 58aebc91254ba8f04466e3569349dfca9f0aaea9 /lib/rexml | |
parent | 7dd6e08b93a750d962fee51eeaec726caf8dc82e (diff) | |
download | ruby-1ad9075734a7fd9d58920c714953ec851efcae6b.tar.gz |
* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit):
new attribute to read/write entity expansion text limit. the default
limit is 10Kb.
* lib/rexml/text.rb (REXML::Text.unnormalize): check above attribute.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39384 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/rexml')
-rw-r--r-- | lib/rexml/document.rb | 12 | ||||
-rw-r--r-- | lib/rexml/text.rb | 40 |
2 files changed, 37 insertions, 15 deletions
diff --git a/lib/rexml/document.rb b/lib/rexml/document.rb
index f9fdbdaab3..c5280374ca 100644
--- a/lib/rexml/document.rb
+++ b/lib/rexml/document.rb
@@ -255,6 +255,18 @@ module REXML
 return @@entity_expansion_limit
 end
+ @@entity_expansion_text_limit = 10_240
+
+ # Set the entity expansion limit. By default the limit is set to 10240.
+ def Document::entity_expansion_text_limit=( val )
+ @@entity_expansion_text_limit = val
+ end
+
+ # Get the entity expansion limit. By default the limit is set to 10000.
+ def Document::entity_expansion_text_limit
+ return @@entity_expansion_text_limit
+ end
+
 attr_reader :entity_expansion_count
 def record_entity_expansion
diff --git a/lib/rexml/text.rb b/lib/rexml/text.rb
index 6623c0c03b..878d13b8e8 100644
--- a/lib/rexml/text.rb
+++ b/lib/rexml/text.rb
@@ -380,25 +380,35 @@ module REXML
 # Unescapes all possible entities
 def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
+ sum = 0
 string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
- ref = $&
- if ref[1] == ?#
- if ref[2] == ?x
- [ref[3...-1].to_i(16)].pack('U*')
- else
- [ref[2...-1].to_i].pack('U*')
- end
- elsif ref == '&'
- '&'
- elsif filter and filter.include?( ref[1...-1] )
- ref
- elsif doctype
- doctype.entity( ref[1...-1] ) or ref
+ s = Text.expand($&, doctype, filter)
+ if sum + s.bytesize > Document.entity_expansion_text_limit
+ raise "entity expansion has grown too large"
 else
- entity_value = DocType::DEFAULT_ENTITIES[ ref[1...-1] ]
- entity_value ? entity_value.value : ref
+ sum += s.bytesize
 end
+ s
 }
 end
+
+ def Text.expand(ref, doctype, filter)
+ if ref[1] == ?#
+ if ref[2] == ?x
+ [ref[3...-1].to_i(16)].pack('U*')
+ else
+ [ref[2...-1].to_i].pack('U*')
+ end
+ elsif ref == '&'
+ '&'
+ elsif filter and filter.include?( ref[1...-1] )
+ ref
+ elsif doctype
+ doctype.entity( ref[1...-1] ) or ref
+ else
+ entity_value = DocType::DEFAULT_ENTITIES[ ref[1...-1] ]
+ entity_value ? entity_value.value : ref
+ end
+ end
 end
 end |
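Review bot: The doc comments on the two new accessors in lib/rexml/document.rb are copied from `entity_expansion_limit` and describe the wrong setting: the getter's comment gives the default as 10000 while `@@entity_expansion_text_limit` is initialised to 10_240, and neither says the value is a byte count of expanded text rather than a number of expansions. I would write `# Set the entity expansion text limit, in bytes. By default the limit is set to 10240.` and the matching `# Get the entity expansion text limit, in bytes. ...` line. The setter stores `val` unchecked, so a nil or non-numeric value would only surface later, inside the comparison in `Text.unnormalize`; the comment should state the accepted values, or the setter should reject anything that is not a non-negative Integer. Because this is a class variable, the limit is shared by every document parsed in the process, which is worth stating in the comment too.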
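Review bot: In `Text.unnormalize` the size check runs only after `Text.expand` has returned, so the replacement for a single reference is built in full before `s.bytesize` is compared with the limit. Whether one reference can itself produce a very large string depends on `doctype.entity`, which is outside this hunk, so the limit should not be described as a bound on peak memory unless that is confirmed. `sum` is local to one call, which makes the limit per `unnormalize` call rather than per document, and it counts the bytes of every replacement, including character references and references the filter returns unchanged. A comment above `sum = 0` such as `# Bytes produced by reference replacement in this call; checked against Document.entity_expansion_text_limit.` would make that scope explicit. `raise "entity expansion has grown too large"` raises a bare RuntimeError, so callers cannot rescue the limit separately from other failures; a REXML-specific exception class would be easier to handle. The new public `Text.expand` also has no doc comment.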