NZKoz / rexml-expansion-fix

Branches (1)
- master ✓
Tags (0)

This is the gem containing the monkeypatch fix for REXML — Read more

This URL has Read+Write access

Handle a bug which prevented parsing in some circumstances.

NZKoz (author)

Sun Aug 31 09:41:33 -0700 2008

commit 784f16ba7de56e243330b846050222fb6d0d44e0
tree dca71953c4cfa33b39080611fc55060eda6fbf63
parent 90668758853c543aa5bef57e6405bcb0aaf6be07

rexml-expansion-fix /

name	age	history message
.gitignore	Fri Aug 22 06:00:42 -0700 2008	Initial fix [NZKoz]
LICENSE	Fri Aug 22 06:00:42 -0700 2008	Initial fix [NZKoz]
README.textile	Fri Aug 22 06:00:42 -0700 2008	Initial fix [NZKoz]
example.xml	Fri Aug 22 06:00:42 -0700 2008	Initial fix [NZKoz]
lib/	Sun Aug 31 09:41:33 -0700 2008	Handle a bug which prevented parsing in some ci... [NZKoz]
rexml-expansion-fix.gemspec	Sun Aug 31 09:41:33 -0700 2008	Handle a bug which prevented parsing in some ci... [NZKoz]

README.textile

REXML Expansion Fix

The version of rexml which ships with ruby at present will not restrict the total number of entity expanstions when processing inline attributes. This can allow specially crafted documents to consume enormous amounts of CPU. To prevent this from happening this fix causes processing to abort processing after a certain number of expansions have taken place. The limit defaults to 10000 but you can change it as follows:

REXML::Document.entity_expansion_limit= 50

The example xml in example.xml can be used to verify that your application is safe.

NZKoz / rexml-expansion-fix

Pledgie Donations

REXML Expansion Fix