nokogiri 1.10.8 → 1.10.9
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/ext/nokogiri/xml_schema.c +29 -0
- data/lib/nokogiri/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3d1d5c9d95d1e0a6a38567773f0d2e757cf47f8a2682f075378b72c9f6df0630
|
|
4
|
+
data.tar.gz: beb788ad86795af43d5e071e0be74264b0964d47c4fb675edd09680780e05f8a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f55b5734fbecbbf37fca001abe0295512508164b343719cdec50d00773c811c1ec881680587eef70aa4bd9ec12d9e8f07f35e214a2991a7785ba9e58ad182f08
|
|
7
|
+
data.tar.gz: ce4602dca04823b0f80592285f7c2d24489b1fd04df7368f25d0466d0c5b22940c5afbad4e9640c97221caae74ce385e53f03e1ae23269a3b42af1861c34fb25
|
data/ext/nokogiri/xml_schema.c
CHANGED
|
@@ -133,6 +133,31 @@ static VALUE read_memory(VALUE klass, VALUE content)
|
|
|
133
133
|
return rb_schema;
|
|
134
134
|
}
|
|
135
135
|
|
|
136
|
+
/* Schema creation will remove and deallocate "blank" nodes.
|
|
137
|
+
* If those blank nodes have been exposed to Ruby, they could get freed
|
|
138
|
+
* out from under the VALUE pointer. This function checks to see if any of
|
|
139
|
+
* those nodes have been exposed to Ruby, and if so we should raise an exception.
|
|
140
|
+
*/
|
|
141
|
+
static int has_blank_nodes_p(VALUE cache)
|
|
142
|
+
{
|
|
143
|
+
long i;
|
|
144
|
+
|
|
145
|
+
if (NIL_P(cache)) {
|
|
146
|
+
return 0;
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
for (i = 0; i < RARRAY_LEN(cache); i++) {
|
|
150
|
+
xmlNodePtr node;
|
|
151
|
+
VALUE element = rb_ary_entry(cache, i);
|
|
152
|
+
Data_Get_Struct(element, xmlNode, node);
|
|
153
|
+
if (xmlIsBlankNode(node)) {
|
|
154
|
+
return 1;
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
return 0;
|
|
159
|
+
}
|
|
160
|
+
|
|
136
161
|
/*
|
|
137
162
|
* call-seq:
|
|
138
163
|
* from_document(doc)
|
|
@@ -152,6 +177,10 @@ static VALUE from_document(VALUE klass, VALUE document)
|
|
|
152
177
|
/* In case someone passes us a node. ugh. */
|
|
153
178
|
doc = doc->doc;
|
|
154
179
|
|
|
180
|
+
if (has_blank_nodes_p(DOC_NODE_CACHE(doc))) {
|
|
181
|
+
rb_raise(rb_eArgError, "Creating a schema from a document that has blank nodes exposed to Ruby is dangerous");
|
|
182
|
+
}
|
|
183
|
+
|
|
155
184
|
ctx = xmlSchemaNewDocParserCtxt(doc);
|
|
156
185
|
|
|
157
186
|
errors = rb_ary_new();
|
data/lib/nokogiri/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nokogiri
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.10.
|
|
4
|
+
version: 1.10.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron Patterson
|
|
@@ -14,7 +14,7 @@ authors:
|
|
|
14
14
|
autorequire:
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
|
-
date: 2020-
|
|
17
|
+
date: 2020-03-01 00:00:00.000000000 Z
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: mini_portile2
|