
Merge pull request #1 from yannk/master

Prevent external entities attacks
2 parents dedef67 + 84a1719 commit 25870087662c09567852a28bce26df8bfe6cb59b @miyagawa committed Jun 14, 2011
Showing with 8 additions and 1 deletion.
  1. +8 −1 lib/Web/oEmbed/Response.pm
@@ -62,7 +62,14 @@ sub parse_json {
sub parse_xml {
my($self, $xml) = @_;
require XML::LibXML::Simple;
- XML::LibXML::Simple->new->XMLin($xml);
+ my $parser_opts = {
+ no_network => 1,
+ expand_xinclude => 0,
+ expand_entities => 1,
+ load_ext_dtd => 0,
+ ext_ent_handler => sub { warn "External entities disabled."; '' },
+ };
+ XML::LibXML::Simple->new(parser_opts => $parser_opts)->XMLin($xml);
}
sub render {
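Review bot: `expand_entities => 1` in `$parser_opts` leaves entity expansion switched on, so blocking external entities rests entirely on the `ext_ent_handler` callback being honoured by the installed XML::LibXML/libxml2; `no_network` and `load_ext_dtd` do not by themselves cover a `SYSTEM` entity that resolves to a local file. oEmbed responses come from remote providers and presumably never need custom entities, so `expand_entities => 0,` should fail closed while the predefined entities are still decoded; if expansion has to stay, a comment such as `# expansion stays on; ext_ent_handler is what blanks external entities` would make that dependency explicit. Entities declared inside the response's own DOCTYPE are still expanded either way, so nested-entity growth is bounded only by libxml2's built-in limits. A regression test that parses a response carrying an external entity declaration and asserts the affected field comes back empty would pin this behaviour across parser upgrades.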
