nokogiri 1.5.4.rc1-java → 1.5.4.rc2-java
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- data/CHANGELOG.ja.rdoc +3 -0
- data/CHANGELOG.rdoc +4 -2
- data/lib/nokogiri/nokogiri.jar +0 -0
- data/lib/nokogiri/version.rb +1 -1
- data/lib/nokogiri/xml/parse_options.rb +6 -1
- data/test/xml/test_parse_options.rb +12 -0
- metadata +2 -2
data/CHANGELOG.ja.rdoc
CHANGED
@@ -10,6 +10,9 @@
|
|
10
10
|
|
11
11
|
* Segmentation fault when creating a comment node for a DocumentFragment. #677, #678.
|
12
12
|
* Treat '.' as xpath in at() and search(). #690
|
13
|
+
* [MRI] [Security] Default parse options for XML documents were
|
14
|
+
changed to not make network connections during document parsing,
|
15
|
+
to avoid XXE vulnerability. #693
|
13
16
|
|
14
17
|
|
15
18
|
== 1.5.3 / 2012-06-01
|
data/CHANGELOG.rdoc
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
* Features
|
4
4
|
|
5
|
-
* The "nokogiri" script now has more verbose output when passed the `--rng` option. (Thanks, Dan Radez!)
|
5
|
+
* The "nokogiri" script now has more verbose output when passed the `--rng` option. #675 (Thanks, Dan Radez!)
|
6
6
|
* Build support on hardened Debian systems that use `-Werror=format-security`. #680.
|
7
7
|
* Better build support for systems with pkg-config. #584
|
8
8
|
|
@@ -10,7 +10,9 @@
|
|
10
10
|
|
11
11
|
* Segmentation fault when creating a comment node for a DocumentFragment. #677, #678.
|
12
12
|
* Treat '.' as xpath in at() and search(). #690
|
13
|
-
|
13
|
+
* [MRI] [Security] Default parse options for XML documents were
|
14
|
+
changed to not make network connections during document parsing,
|
15
|
+
to avoid XXE vulnerability. #693
|
14
16
|
|
15
17
|
== 1.5.3 / 2012-06-01
|
16
18
|
|
data/lib/nokogiri/nokogiri.jar
CHANGED
Binary file
|
data/lib/nokogiri/version.rb
CHANGED
@@ -47,7 +47,7 @@ module Nokogiri
|
|
47
47
|
HUGE = 1 << 19
|
48
48
|
|
49
49
|
# the default options used for parsing XML documents
|
50
|
-
DEFAULT_XML = RECOVER
|
50
|
+
DEFAULT_XML = RECOVER | NONET
|
51
51
|
# the default options used for parsing HTML documents
|
52
52
|
DEFAULT_HTML = RECOVER | NOERROR | NOWARNING | NONET
|
53
53
|
|
@@ -64,6 +64,11 @@ module Nokogiri
|
|
64
64
|
self
|
65
65
|
end
|
66
66
|
|
67
|
+
def no#{constant.downcase}
|
68
|
+
@options &= ~#{constant}
|
69
|
+
self
|
70
|
+
end
|
71
|
+
|
67
72
|
def #{constant.downcase}?
|
68
73
|
#{constant} & @options == #{constant}
|
69
74
|
end
|
@@ -35,6 +35,18 @@ module Nokogiri
|
|
35
35
|
assert_equal 1 << 1, options.options
|
36
36
|
end
|
37
37
|
|
38
|
+
def test_unsetting
|
39
|
+
options = Nokogiri::XML::ParseOptions.new Nokogiri::XML::ParseOptions::DEFAULT_HTML
|
40
|
+
assert options.nonet?
|
41
|
+
assert options.recover?
|
42
|
+
options.nononet.norecover
|
43
|
+
assert ! options.nonet?
|
44
|
+
assert ! options.recover?
|
45
|
+
options.nonet.recover
|
46
|
+
assert options.nonet?
|
47
|
+
assert options.recover?
|
48
|
+
end
|
49
|
+
|
38
50
|
def test_chaining
|
39
51
|
options = Nokogiri::XML::ParseOptions.new.recover.noent
|
40
52
|
assert options.recover?
|
metadata
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
name: nokogiri
|
3
3
|
version: !ruby/object:Gem::Version
|
4
4
|
prerelease: 6
|
5
|
-
version: 1.5.4.
|
5
|
+
version: 1.5.4.rc2
|
6
6
|
platform: java
|
7
7
|
authors:
|
8
8
|
- Aaron Patterson
|
@@ -12,7 +12,7 @@ autorequire:
|
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
14
|
|
15
|
-
date: 2012-06-
|
15
|
+
date: 2012-06-08 00:00:00 Z
|
16
16
|
dependencies:
|
17
17
|
- !ruby/object:Gem::Dependency
|
18
18
|
name: hoe-bundler
|