nokogiri 1.10.8-java → 1.10.9-java
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/ext/java/nokogiri/XmlNodeSet.java +2 -1
- data/ext/nokogiri/xml_schema.c +29 -0
- data/lib/nokogiri/nokogiri.jar +0 -0
- data/lib/nokogiri/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 30b45e844544b442de9e1b6e0d7563366691987d706c644852ac2a43b98e21aa
|
4
|
+
data.tar.gz: 72a92174b6c7212e855d5ad837a6a057aa037e787c1a5bfbafc51b01e4bcc005
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5a73e36df6a440644e9597b17d6d981fe04b2dbd4487b69491eaff3501f503e181c33f5531b8fdca363c52789ad211b5a05c70f4a78eddd7819ad0ecd506b892
|
7
|
+
data.tar.gz: e6b1bb8a4a6a499a893db8df894fd88eb4f90c9b819ec2317a824d50054dfbbaa6cc5af957d22d554cd2d9a6c96d5755ef407eca4d524a54cbd8878e7a1ad3df
|
@@ -39,6 +39,7 @@ import static nokogiri.internals.NokogiriHelpers.nodeListToRubyArray;
|
|
39
39
|
import java.util.Arrays;
|
40
40
|
|
41
41
|
import org.jruby.Ruby;
|
42
|
+
import org.jruby.RubyArray;
|
42
43
|
import org.jruby.RubyClass;
|
43
44
|
import org.jruby.RubyFixnum;
|
44
45
|
import org.jruby.RubyObject;
|
@@ -391,7 +392,7 @@ outer:
|
|
391
392
|
}
|
392
393
|
|
393
394
|
@JRubyMethod(name = {"to_a", "to_ary"})
|
394
|
-
public
|
395
|
+
public RubyArray to_a(ThreadContext context) {
|
395
396
|
return context.runtime.newArrayNoCopy(nodes);
|
396
397
|
}
|
397
398
|
|
data/ext/nokogiri/xml_schema.c
CHANGED
@@ -133,6 +133,31 @@ static VALUE read_memory(VALUE klass, VALUE content)
|
|
133
133
|
return rb_schema;
|
134
134
|
}
|
135
135
|
|
136
|
+
/* Schema creation will remove and deallocate "blank" nodes.
|
137
|
+
* If those blank nodes have been exposed to Ruby, they could get freed
|
138
|
+
* out from under the VALUE pointer. This function checks to see if any of
|
139
|
+
* those nodes have been exposed to Ruby, and if so we should raise an exception.
|
140
|
+
*/
|
141
|
+
static int has_blank_nodes_p(VALUE cache)
|
142
|
+
{
|
143
|
+
long i;
|
144
|
+
|
145
|
+
if (NIL_P(cache)) {
|
146
|
+
return 0;
|
147
|
+
}
|
148
|
+
|
149
|
+
for (i = 0; i < RARRAY_LEN(cache); i++) {
|
150
|
+
xmlNodePtr node;
|
151
|
+
VALUE element = rb_ary_entry(cache, i);
|
152
|
+
Data_Get_Struct(element, xmlNode, node);
|
153
|
+
if (xmlIsBlankNode(node)) {
|
154
|
+
return 1;
|
155
|
+
}
|
156
|
+
}
|
157
|
+
|
158
|
+
return 0;
|
159
|
+
}
|
160
|
+
|
136
161
|
/*
|
137
162
|
* call-seq:
|
138
163
|
* from_document(doc)
|
@@ -152,6 +177,10 @@ static VALUE from_document(VALUE klass, VALUE document)
|
|
152
177
|
/* In case someone passes us a node. ugh. */
|
153
178
|
doc = doc->doc;
|
154
179
|
|
180
|
+
if (has_blank_nodes_p(DOC_NODE_CACHE(doc))) {
|
181
|
+
rb_raise(rb_eArgError, "Creating a schema from a document that has blank nodes exposed to Ruby is dangerous");
|
182
|
+
}
|
183
|
+
|
155
184
|
ctx = xmlSchemaNewDocParserCtxt(doc);
|
156
185
|
|
157
186
|
errors = rb_ary_new();
|
data/lib/nokogiri/nokogiri.jar
CHANGED
Binary file
|
data/lib/nokogiri/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nokogiri
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.10.
|
4
|
+
version: 1.10.9
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Aaron Patterson
|
@@ -14,7 +14,7 @@ authors:
|
|
14
14
|
autorequire:
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
|
-
date: 2020-
|
17
|
+
date: 2020-03-01 00:00:00.000000000 Z
|
18
18
|
dependencies:
|
19
19
|
- !ruby/object:Gem::Dependency
|
20
20
|
requirement: !ruby/object:Gem::Requirement
|