Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

This is the gem containing the monkeypatch fix for REXML

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 lib
Octocat-spinner-32 .gitignore
Octocat-spinner-32 LICENSE
Octocat-spinner-32 README.textile
Octocat-spinner-32 example.xml
Octocat-spinner-32 rexml-expansion-fix.gemspec
README.textile

REXML Expansion Fix

The version of rexml which ships with ruby at present will not restrict the total number of entity expanstions when processing inline attributes. This can allow specially crafted documents to consume enormous amounts of CPU. To prevent this from happening this fix causes processing to abort processing after a certain number of expansions have taken place. The limit defaults to 10000 but you can change it as follows:

REXML::Document.entity_expansion_limit= 50

The example xml in example.xml can be used to verify that your application is safe.

Something went wrong with that request. Please try again.