Prevent external entities attacks #1

Merged
merged 1 commit into from

2 participants

Yann Kerhervé Tatsuhiko Miyagawa
Showing with 8 additions and 1 deletion.
  1. +8 −1 lib/Web/oEmbed/Response.pm
9 lib/Web/oEmbed/Response.pm
@@ -62,7 +62,14 @@ sub parse_json {
sub parse_xml {
my($self, $xml) = @_;
require XML::LibXML::Simple;
- XML::LibXML::Simple->new->XMLin($xml);
+ my $parser_opts = {
+ no_network => 1,
+ expand_xinclude => 0,
+ expand_entities => 1,
+ load_ext_dtd => 0,
+ ext_ent_handler => sub { warn "External entities disabled."; '' },
+ };
+ XML::LibXML::Simple->new(parser_opts => $parser_opts)->XMLin($xml);
}
sub render {
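Review bot: `expand_entities => 1` in `$parser_opts` leaves entity expansion switched on while every other option in the hash turns a feature off, so the external-entity protection rests on `load_ext_dtd => 0` and on `ext_ent_handler` returning `''`. If oEmbed responses do not need entities declared in the document itself, set it to 0. Otherwise add a comment saying why it stays at 1, so a later reader does not take it for an oversight. The handler's `warn "External entities disabled."` fires on input controlled by the remote provider and gives no context; including the entity's system identifier or the provider URL would make the log line usable for triage. The change touches only lib/Web/oEmbed/Response.pm, so a regression test is missing: feed `parse_xml` a response whose DOCTYPE declares an external entity and assert that the parsed value is empty.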