nokogiri 1.19.3-java → 1.19.4-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2bb4f7cf56ac58bc4e99300bd71fe3d36420c82b98cbe7f01c4cf6473ce4baf3
-  data.tar.gz: f3eb382fa3fcb71e4c8376e503d8a7815890934279e43679c7d48bb1b34c9aca
+  metadata.gz: 32e93c6e2814b80a5552965415a65afff14ae5c0253df5b08fdc0e036dd67a1b
+  data.tar.gz: 61a91323350c59f22132ca3e67266dc46f9d69bbd7ecec92c192d7a079b84c33
 SHA512:
-  metadata.gz: b91a5e7138ed2e23eae23a550079089a4b11c48737772ef696fc5696a2df0e5cd67a928f3cff8834ed678cfa09ef2a3dc39aac2ecbdbdcae68327d507a402456
-  data.tar.gz: f50bd24b0f17b221e477f6be5d388a8dd02d9a2ae8bf0b60f34db93dce64ba002f152286b0a1e439527915e29ac0739b2f8713e874aa4521147ac52875c4d3a7
+  metadata.gz: daeef7e9be94229f49fba17511aa0f3be1fefe88a82cac0c94a2ea3b5452e6c937584ec6f1383ac1cbbbcd223c46f91cceb1044e10068b9649ab64fb239d82c6
+  data.tar.gz: 7f5552b74774881aa06739963f1368b69b3b8e937fc3ce91a89e6c4fd55056acb1bb11d56f5916d35115bc862314eccc7a9cca8a2e4bcf794d88a195fd5de833

data/ext/java/nokogiri/XmlAttr.java

@@ -100,6 +100,9 @@ public class XmlAttr extends XmlNode
   public IRubyObject
   value_set(ThreadContext context, IRubyObject content)
   {
+    if (node == null) {
+      throw context.runtime.newRuntimeError("Uninitialized " + getMetaClass().getRealClass().getName() + " struct (null data pointer)");
+    }
     Attr attr = (Attr) node;
     if (content != null && !content.isNil()) {
       attr.setValue(rubyStringToString(XmlNode.encode_special_chars(context, content)));

data/ext/java/nokogiri/XmlDocument.java

@@ -319,7 +319,7 @@ public class XmlDocument extends XmlNode
   public IRubyObject
   encoding_set(IRubyObject encoding)
   {
-    this.encoding = encoding;
+    this.encoding = encoding.convertToString();
     return this;
   }
 
@@ -441,6 +441,10 @@ public class XmlDocument extends XmlNode
     }
     XmlNode newRoot = asXmlNode(context, new_root);
 
+    if (newRoot.node.getNodeType() != Node.ELEMENT_NODE) {
+      throw context.runtime.newTypeError("root must be a Nokogiri::XML::Element");
+    }
+
     IRubyObject root = root(context);
     if (root.isNil()) {
       Node newRootNode;

data/ext/java/nokogiri/XmlNodeSet.java

@@ -326,16 +326,16 @@ public class XmlNodeSet extends RubyObject implements NodeList
   //  https://github.com/jruby/jruby/blame/13a3ec76d883a162b9d46c374c6e9eeea27b3261/core/src/main/java/org/jruby/RubyRange.java#L974
   //  once we upgraded the min JRuby version to >= 9.2
   private static IRubyObject
-  rangeBeginLength(ThreadContext context, IRubyObject rangeMaybe, int len, int[] begLen)
+  rangeBeginLength(ThreadContext context, IRubyObject rangeMaybe, int len, long[] begLen)
   {
     RubyRange range = (RubyRange) rangeMaybe;
-    int min = range.begin(context).convertToInteger().getIntValue();
-    int max = range.end(context).convertToInteger().getIntValue();
+    long min = range.begin(context).convertToInteger().getLongValue();
+    long max = range.end(context).convertToInteger().getLongValue();
 
     if (min < 0) {
       min += len;
       if (min < 0) {
-        throw context.runtime.newRangeError(min + ".." + (range.isExcludeEnd() ? "." : "") + max + " out of range");
+        return context.nil;
       }
     }
 
@@ -358,20 +358,22 @@ public class XmlNodeSet extends RubyObject implements NodeList
   slice(ThreadContext context, IRubyObject indexOrRange)
   {
     if (indexOrRange instanceof RubyFixnum) {
-      return slice(context, ((RubyFixnum) indexOrRange).getIntValue());
+      return slice(context, ((RubyFixnum) indexOrRange).getLongValue());
     }
     if (indexOrRange instanceof RubyRange) {
-      int[] begLen = new int[2];
-      rangeBeginLength(context, indexOrRange, nodes.length, begLen);
-      int min = begLen[0];
-      int max = begLen[1];
+      long[] begLen = new long[2];
+      if (rangeBeginLength(context, indexOrRange, nodes.length, begLen).isNil()) {
+        return context.nil;
+      }
+      long min = begLen[0];
+      long max = begLen[1];
       return subseq(context, min, max - min);
     }
     throw context.runtime.newTypeError("index must be an Integer or a Range");
   }
 
   IRubyObject
-  slice(ThreadContext context, int idx)
+  slice(ThreadContext context, long idx)
   {
     if (idx < 0) {
       idx += nodes.length;
@@ -381,15 +383,15 @@ public class XmlNodeSet extends RubyObject implements NodeList
       return context.nil;
     }
 
-    return nodes[idx];
+    return nodes[(int) idx];
   }
 
   @JRubyMethod(name = {"[]", "slice"})
   public IRubyObject
   slice(ThreadContext context, IRubyObject start, IRubyObject length)
   {
-    int s = ((RubyFixnum) start).getIntValue();
-    int l = ((RubyFixnum) length).getIntValue();
+    long s = ((RubyFixnum) start).getLongValue();
+    long l = ((RubyFixnum) length).getLongValue();
 
     if (s < 0) {
       s += nodes.length;
@@ -399,23 +401,15 @@ public class XmlNodeSet extends RubyObject implements NodeList
   }
 
   public IRubyObject
-  subseq(ThreadContext context, int start, int length)
+  subseq(ThreadContext context, long start, long length)
   {
-    if (start > nodes.length) {
-      return context.nil;
-    }
-
-    if (start < 0 || length < 0) {
+    if (start < 0 || length < 0 || start > nodes.length) {
       return context.nil;
     }
 
-    if (start + length > nodes.length) {
-      length = nodes.length - start;
-    }
-
-    int to = start + length;
+    long end = start + Math.min(length, nodes.length - start);
 
-    return newNodeSet(context.runtime, Arrays.copyOfRange(nodes, start, to));
+    return newNodeSet(context.runtime, Arrays.copyOfRange(nodes, (int) start, (int) end));
   }
 
   @JRubyMethod(name = {"to_a", "to_ary"})

data/ext/java/nokogiri/XmlSchema.java

@@ -8,6 +8,9 @@ import java.io.InputStream;
 import java.io.Reader;
 import java.io.StringReader;
 
+import java.net.URI;
+import java.net.URISyntaxException;
+
 import javax.xml.XMLConstants;
 import javax.xml.transform.Source;
 import javax.xml.transform.dom.DOMSource;
@@ -285,24 +288,103 @@ public class XmlSchema extends RubyObject
                     String systemId,
                     String baseURI)
     {
-      if (noNet && systemId != null && (systemId.startsWith("http://") || systemId.startsWith("ftp://"))) {
-        if (systemId.startsWith(XMLConstants.W3C_XML_SCHEMA_NS_URI)) {
-          return null; // use default resolver
-        }
+      if (noNet && !effectiveResourceIsLocal(systemId, baseURI)) {
         try {
           this.errorHandler.warning(new SAXParseException(String.format("Attempt to load network entity '%s'", systemId), null));
         } catch (SAXException ex) {
         }
-      } else {
-        String adjusted = adjustSystemIdIfNecessary(currentDir, scriptFileName, baseURI, systemId);
-        lsInput.setPublicId(publicId);
-        lsInput.setSystemId(adjusted != null ? adjusted : systemId);
-        lsInput.setBaseURI(baseURI);
+        return new SchemaLSInput(); // an empty input blocks the fetch
       }
+
+      String adjusted = adjustSystemIdIfNecessary(currentDir, scriptFileName, baseURI, systemId);
+      lsInput.setPublicId(publicId);
+      lsInput.setSystemId(adjusted != null ? adjusted : systemId);
+      lsInput.setBaseURI(baseURI);
       return lsInput;
     }
   }
 
+  // We enforce NONET for schema resolution by hand because Xerces-J (the JAXP implementation
+  // backing XML::Schema on JRuby) does not implement the standard JAXP property
+  // XMLConstants.ACCESS_EXTERNAL_SCHEMA — so we cannot simply restrict external access on the
+  // SchemaFactory and must classify each resolved resource in the LSResourceResolver instead.
+  //
+  // Decides whether a schema-import resource may be resolved while NONET is on: true means
+  // local (allowed), false means a network resource (blocked). A relative systemId inherits
+  // its document's base, so it is resolved against baseURI before classification — a relative
+  // import under a remote base is a network fetch even though the systemId alone looks local.
+  private static boolean
+  effectiveResourceIsLocal(String systemId, String baseURI)
+  {
+    // a null systemId means there is nothing external to resolve
+    if (systemId == null) {
+      return true;
+    }
+    try {
+      URI uri = new URI(systemId);
+      if (baseURI != null && !baseURI.isEmpty()) {
+        uri = new URI(baseURI).resolve(uri);
+      }
+      return isLocalResource(uri);
+    } catch (URISyntaxException | IllegalArgumentException e) {
+      // fail closed: an unparseable base or systemId (e.g. a raw UNC path "\\host\share") is
+      // not provably local, and the JVM's file/URL handling may still reach the network
+      return false;
+    }
+  }
+
+  // Test seam for the Ruby suite: local_resource?(systemId, baseURI = nil).
+  @JRubyMethod(meta = true, name = "local_resource?", required = 1, optional = 1, visibility = Visibility.PRIVATE)
+  public static IRubyObject
+  local_resource_eh(ThreadContext context, IRubyObject klazz, IRubyObject[] args)
+  {
+    String systemId = args[0].isNil() ? null : args[0].asJavaString();
+    String baseURI = (args.length > 1 && !args[1].isNil()) ? args[1].asJavaString() : null;
+    return context.runtime.newBoolean(effectiveResourceIsLocal(systemId, baseURI));
+  }
+
+  // Classifies an already-parsed URI. Local is a missing scheme, or the "file" scheme, with
+  // no remote authority and no UNC-shaped path. This is intentionally stricter than libxml2's
+  // xmlNoNetExternalEntityLoader, which folds a remote host (file://host/...) into a local
+  // path rather than rejecting it.
+  //
+  // TODO: a Windows drive-letter path like "C:\path" parses as scheme "c" and would be
+  // blocked; support those if we need it later.
+  private static boolean
+  isLocalResource(URI uri)
+  {
+    // only a missing scheme (a relative or absolute path) or file: can be local; any
+    // other scheme is a network resource
+    String scheme = uri.getScheme();
+    if (scheme != null && !scheme.equalsIgnoreCase("file")) {
+      return false;
+    }
+
+    // an opaque "file:" URI (e.g. file:foo, with no "//") is not a usable local path; reject
+    // it, matching libxml2, which does not resolve that form as a local file either
+    if (uri.isOpaque()) {
+      return false;
+    }
+
+    // a non-empty, non-localhost authority is a remote host — file://host/path, or the
+    // schemeless network-path form //host/path. Stricter than libxml2, which folds such a
+    // host into a (failing) local path.
+    String authority = uri.getRawAuthority();
+    if (authority != null && !authority.isEmpty() && !authority.equalsIgnoreCase("localhost")) {
+      return false;
+    }
+
+    // reject UNC-shaped paths even under an allowed authority: file:////host/share,
+    // file://localhost//host/share, and %2f/%5c-encoded variants. getPath() is decoded, so
+    // the encoded forms are normalized before this check.
+    String path = uri.getPath();
+    if (path != null && (path.startsWith("//") || path.indexOf('\\') >= 0)) {
+      return false;
+    }
+
+    return true;
+  }
+
   private class SchemaLSInput implements LSInput
   {
     protected String fPublicId;

data/ext/nokogiri/nokogiri.c

@@ -203,9 +203,6 @@ Init_nokogiri(void)
   rb_const_set(mNokogiri, rb_intern("LIBXSLT_COMPILED_VERSION"), NOKOGIRI_STR_NEW2(LIBXSLT_DOTTED_VERSION));
   rb_const_set(mNokogiri, rb_intern("LIBXSLT_LOADED_VERSION"), NOKOGIRI_STR_NEW2(xsltEngineVersion));
 
-  rb_const_set(mNokogiri, rb_intern("LIBXML_ZLIB_ENABLED"),
-               xmlHasFeature(XML_WITH_ZLIB) == 1 ? Qtrue : Qfalse);
-
 #ifdef NOKOGIRI_PACKAGED_LIBRARIES
   rb_const_set(mNokogiri, rb_intern("PACKAGED_LIBRARIES"), Qtrue);
 #  ifdef NOKOGIRI_PRECOMPILED_LIBRARIES
@@ -228,6 +225,12 @@ Init_nokogiri(void)
   rb_const_set(mNokogiri, rb_intern("LIBXML_ICONV_ENABLED"), Qfalse);
 #endif
 
+  rb_const_set(mNokogiri, rb_intern("LIBXML_ZLIB_ENABLED"),
+               xmlHasFeature(XML_WITH_ZLIB) == 1 ? Qtrue : Qfalse);
+
+  rb_const_set(mNokogiri, rb_intern("LIBXML_HTTP_ENABLED"),
+               xmlHasFeature(XML_WITH_HTTP) == 1 ? Qtrue : Qfalse);
+
 #ifdef NOKOGIRI_OTHER_LIBRARY_VERSIONS
   rb_const_set(mNokogiri, rb_intern("OTHER_LIBRARY_VERSIONS"), NOKOGIRI_STR_NEW2(NOKOGIRI_OTHER_LIBRARY_VERSIONS));
 #endif

data/ext/nokogiri/xml_attr.c

@@ -10,37 +10,42 @@ VALUE cNokogiriXmlAttr;
  * (e.g., a HTML boolean attribute).
  */
 static VALUE
-set_value(VALUE self, VALUE content)
+noko_xml_attr_set_value(VALUE self, VALUE content)
 {
   xmlAttrPtr attr;
-  xmlChar *value;
-  xmlNode *cur;
 
   Noko_Node_Get_Struct(self, xmlAttr, attr);
 
-  if (attr->children) {
-    xmlFreeNodeList(attr->children);
+  {
+    /* Unlink and pin any wrapped children */
+    xmlNode *cur = attr->children;
+    xmlNode *next;
+
+    while (cur) {
+      next = cur->next;
+      if (cur->_private) {
+        xmlUnlinkNode(cur);
+        noko_xml_document_pin_node(cur);
+      }
+      cur = next;
+    }
   }
-  attr->children = attr->last = NULL;
 
   if (content == Qnil) {
-    return content;
-  }
-
-  value = xmlEncodeEntitiesReentrant(attr->doc, (unsigned char *)StringValueCStr(content));
-  if (xmlStrlen(value) == 0) {
-    attr->children = xmlNewDocText(attr->doc, value);
+    xmlNodeSetContent((xmlNodePtr)attr, NULL); /* Clear any remaining unwrapped children. */
   } else {
-    attr->children = xmlStringGetNodeList(attr->doc, value);
-  }
-  xmlFree(value);
+    xmlChar *value = xmlEncodeEntitiesReentrant(attr->doc, (unsigned char *)StringValueCStr(content));
+
+    if (xmlStrlen(value) == 0) {
+      xmlNodeSetContent((xmlNodePtr)attr, NULL); /* Clear any remaining unwrapped children. */
 
-  for (cur = attr->children; cur; cur = cur->next) {
-    cur->parent = (xmlNode *)attr;
-    cur->doc = attr->doc;
-    if (cur->next == NULL) {
-      attr->last = cur;
+      /* Preserve empty-string attributes as `foo=""` and not boolean `foo` */
+      attr->children = attr->last = xmlNewDocText(attr->doc, value);
+      attr->children->parent = (xmlNode *)attr;
+    } else {
+      xmlNodeSetContent((xmlNodePtr)attr, value);
     }
+    xmlFree(value);
   }
 
   return content;
@@ -53,7 +58,7 @@ set_value(VALUE self, VALUE content)
  * Create a new Attr element on the +document+ with +name+
  */
 static VALUE
-new (int argc, VALUE *argv, VALUE klass)
+noko_xml_attr__new(int argc, VALUE *argv, VALUE klass)
 {
   xmlDocPtr xml_doc;
   VALUE document;
@@ -97,7 +102,7 @@ noko_init_xml_attr(void)
    */
   cNokogiriXmlAttr = rb_define_class_under(mNokogiriXml, "Attr", cNokogiriXmlNode);
 
-  rb_define_singleton_method(cNokogiriXmlAttr, "new", new, -1);
+  rb_define_singleton_method(cNokogiriXmlAttr, "new", noko_xml_attr__new, -1);
 
-  rb_define_method(cNokogiriXmlAttr, "value=", set_value, 1);
+  rb_define_method(cNokogiriXmlAttr, "value=", noko_xml_attr_set_value, 1);
 }

data/ext/nokogiri/xml_document.c

@@ -255,12 +255,6 @@ rb_xml_document_root_set(VALUE self, VALUE rb_new_root)
 
   c_document = noko_xml_document_unwrap(self);
 
-  c_current_root = xmlDocGetRootElement(c_document);
-  if (c_current_root) {
-    xmlUnlinkNode(c_current_root);
-    noko_xml_document_pin_node(c_current_root);
-  }
-
   if (!NIL_P(rb_new_root)) {
     if (!rb_obj_is_kind_of(rb_new_root, cNokogiriXmlNode)) {
       rb_raise(rb_eArgError,
@@ -270,13 +264,23 @@ rb_xml_document_root_set(VALUE self, VALUE rb_new_root)
 
     Noko_Node_Get_Struct(rb_new_root, xmlNode, c_new_root);
 
-    /* If the new root's document is not the same as the current document,
-     * then we need to dup the node in to this document. */
-    if (c_new_root->doc != c_document) {
-      c_new_root = xmlDocCopyNode(c_new_root, c_document, 1);
-      if (!c_new_root) {
-        rb_raise(rb_eRuntimeError, "Could not reparent node (xmlDocCopyNode)");
-      }
+    if (c_new_root->type != XML_ELEMENT_NODE) {
+      rb_raise(rb_eTypeError, "root must be a Nokogiri::XML::Element");
+    }
+  }
+
+  c_current_root = xmlDocGetRootElement(c_document);
+  if (c_current_root) {
+    xmlUnlinkNode(c_current_root);
+    noko_xml_document_pin_node(c_current_root);
+  }
+
+  /* If the new root's document is not the same as the current document,
+   * then we need to dup the node in to this document. */
+  if (c_new_root && c_new_root->doc != c_document) {
+    c_new_root = xmlDocCopyNode(c_new_root, c_document, 1);
+    if (!c_new_root) {
+      rb_raise(rb_eRuntimeError, "Could not reparent node (xmlDocCopyNode)");
     }
   }
 
@@ -317,12 +321,13 @@ static VALUE
 set_encoding(VALUE self, VALUE encoding)
 {
   xmlDocPtr doc = noko_xml_document_unwrap(self);
+  xmlChar *new_encoding = xmlStrdup((xmlChar *)StringValueCStr(encoding));
 
   if (doc->encoding) {
     xmlFree(DISCARD_CONST_QUAL_XMLCHAR(doc->encoding));
   }
 
-  doc->encoding = xmlStrdup((xmlChar *)StringValueCStr(encoding));
+  doc->encoding = new_encoding;
 
   return encoding;
 }
@@ -708,6 +713,9 @@ noko_xml_document_unwrap(VALUE rb_document)
 {
   xmlDocPtr c_document;
   TypedData_Get_Struct(rb_document, xmlDoc, &xml_doc_type, c_document);
+  if (c_document == NULL) {
+    rb_raise(rb_eRuntimeError, "Uninitialized %" PRIsVALUE " struct (null data pointer)", rb_obj_class(rb_document));
+  }
   return c_document;
 }
 

data/ext/nokogiri/xml_node.c

@@ -971,6 +971,10 @@ rb_xml_node_initialize_copy_with_args(VALUE rb_self, VALUE rb_other, VALUE rb_le
   xmlDocPtr c_new_parent_doc;
   VALUE rb_node_cache;
 
+  if (!rb_obj_is_kind_of(rb_other, cNokogiriXmlNode)) {
+    rb_raise(rb_eTypeError, "argument must be a kind of Nokogiri::XML::Node");
+  }
+
   Noko_Node_Get_Struct(rb_other, xmlNode, c_other);
   c_level = (int)NUM2INT(rb_level);
   c_new_parent_doc = noko_xml_document_unwrap(rb_new_parent_doc);
@@ -2150,25 +2154,20 @@ compare(VALUE self, VALUE _other)
 
 
 /*
- * call-seq:
- *   process_xincludes(flags)
- *
- * Loads and substitutes all xinclude elements below the node. The
- * parser context will be initialized with +flags+.
+ * Run XInclude substitution over the tree rooted at +c_node+, with the parser context initialized
+ * from +c_flags+. Collects libxml2's structured errors and raises Nokogiri::XML::SyntaxError (or
+ * RuntimeError) on failure.
  */
-static VALUE
-noko_xml_node__process_xincludes(VALUE rb_node, VALUE rb_flags)
+static void
+_noko_xml_node_process_xinclude_subtree(xmlNodePtr c_node, int c_flags)
 {
   int status ;
-  xmlNodePtr c_node;
   VALUE rb_errors = rb_ary_new();
   libxmlStructuredErrorHandlerState handler_state;
 
-  Noko_Node_Get_Struct(rb_node, xmlNode, c_node);
-
   noko__structured_error_func_save_and_set(&handler_state, (void *)rb_errors, noko__error_array_pusher);
 
-  status = xmlXIncludeProcessTreeFlags(c_node, (int)NUM2INT(rb_flags));
+  status = xmlXIncludeProcessTreeFlags(c_node, c_flags);
 
   noko__structured_error_func_restore(&handler_state);
 
@@ -2181,11 +2180,77 @@ noko_xml_node__process_xincludes(VALUE rb_node, VALUE rb_flags)
       rb_raise(rb_eRuntimeError, "Could not perform xinclude substitution");
     }
   }
+}
+
+
+/*
+ * Whether +c_node+ is an <xi:include> element in either the 2001 or 2003 XInclude namespace.
+ */
+static int
+_noko_xml_node_xinclude_element_p(xmlNodePtr c_node)
+{
+  return c_node->type == XML_ELEMENT_NODE
+         && xmlStrEqual(c_node->name, XINCLUDE_NODE)
+         && c_node->ns != NULL
+         && (xmlStrEqual(c_node->ns->href, XINCLUDE_NS) || xmlStrEqual(c_node->ns->href, XINCLUDE_OLD_NS));
+}
+
+
+/*
+ * call-seq:
+ *   process_xincludes(flags)
+ *
+ * Loads and substitutes all xinclude elements below the node. The
+ * parser context will be initialized with +flags+.
+ */
+static VALUE
+noko_xml_node__process_xincludes(VALUE rb_node, VALUE rb_flags)
+{
+  xmlNodePtr c_node;
+
+  Noko_Node_Get_Struct(rb_node, xmlNode, c_node);
+
+  if (c_node->parent == NULL && _noko_xml_node_xinclude_element_p(c_node)) {
+    rb_raise(rb_eRuntimeError, "cannot process XInclude on an unlinked <xi:include> node");
+  }
+
+  _noko_xml_node_process_xinclude_subtree(c_node, (int)NUM2INT(rb_flags));
 
   return rb_node;
 }
 
 
+/*
+ * Process this single <xi:include> node, substituting an unwrapped copy of it in its place so
+ * that libxml2 frees the copy. This node is unlinked and pinned to the document, so any Ruby
+ * wrapper for it (or for its descendants or namespaces) keeps pointing at valid memory. The
+ * parser context is initialized with +flags+.
+ */
+static VALUE
+noko_xml_node__safe_process_xinclude(VALUE rb_node, VALUE rb_flags)
+{
+  xmlNodePtr c_node, c_copy;
+
+  Noko_Node_Get_Struct(rb_node, xmlNode, c_node);
+
+  if (c_node->parent == NULL) {
+    rb_raise(rb_eRuntimeError, "cannot process XInclude on an unlinked <xi:include> node");
+  }
+
+  c_copy = xmlDocCopyNode(c_node, c_node->doc, 1);
+  if (c_copy == NULL) {
+    rb_raise(rb_eRuntimeError, "Could not copy node for xinclude substitution");
+  }
+
+  xmlReplaceNode(c_node, c_copy);
+  noko_xml_document_pin_node(c_node);
+
+  _noko_xml_node_process_xinclude_subtree(c_copy, (int)NUM2INT(rb_flags));
+
+  return Qnil;
+}
+
+
 /* TODO: DOCUMENT ME */
 static VALUE
 in_context(VALUE self, VALUE _str, VALUE _options)
@@ -2286,9 +2351,7 @@ in_context(VALUE self, VALUE _str, VALUE _options)
 VALUE
 rb_xml_node_data_ptr_eh(VALUE self)
 {
-  xmlNodePtr c_node;
-  Noko_Node_Get_Struct(self, xmlNode, c_node);
-  return c_node ? Qtrue : Qfalse;
+  return DATA_PTR(self) ? Qtrue : Qfalse;
 }
 
 VALUE
@@ -2438,6 +2501,7 @@ noko_init_xml_node(void)
   rb_define_method(cNokogiriXmlNode, "unlink", unlink_node, 0);
 
   rb_define_protected_method(cNokogiriXmlNode, "initialize_copy_with_args", rb_xml_node_initialize_copy_with_args, 3);
+  rb_define_protected_method(cNokogiriXmlNode, "safe_process_xinclude", noko_xml_node__safe_process_xinclude, 1);
 
   rb_define_private_method(cNokogiriXmlNode, "add_child_node", add_child, 1);
   rb_define_private_method(cNokogiriXmlNode, "add_next_sibling_node", add_next_sibling, 1);

data/ext/nokogiri/xml_node_set.c

@@ -304,7 +304,7 @@ index_at(VALUE rb_self, long offset)
 
   TypedData_Get_Struct(rb_self, xmlNodeSet, &xml_node_set_type, c_self);
 
-  if (offset >= c_self->nodeNr || abs((int)offset) > c_self->nodeNr) {
+  if (offset >= c_self->nodeNr || offset < -c_self->nodeNr) {
     return Qnil;
   }
 

data/ext/nokogiri/xml_xpath_context.c

@@ -11,6 +11,15 @@ static const xmlChar *NOKOGIRI_URI = (const xmlChar *)"http://www.nokogiri.org/d
 static const xmlChar *NOKOGIRI_BUILTIN_PREFIX = (const xmlChar *)"nokogiri-builtin";
 static const xmlChar *NOKOGIRI_BUILTIN_URI = (const xmlChar *)"https://www.nokogiri.org/default_ns/ruby/builtins";
 
+static void
+_noko_xml_xpath_context_dmark(void *data)
+{
+  xmlXPathContextPtr c_context = data;
+  if (c_context->doc && DOC_RUBY_OBJECT_TEST(c_context->doc)) {
+    rb_gc_mark(DOC_RUBY_OBJECT(c_context->doc));
+  }
+}
+
 static void
 _noko_xml_xpath_context_dfree(void *data)
 {
@@ -21,9 +30,10 @@ _noko_xml_xpath_context_dfree(void *data)
 static const rb_data_type_t _noko_xml_xpath_context_type = {
   .wrap_struct_name = "xmlXPathContext",
   .function = {
+    .dmark = _noko_xml_xpath_context_dmark,
     .dfree = _noko_xml_xpath_context_dfree,
   },
-  .flags = RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+  .flags = RUBY_TYPED_FREE_IMMEDIATELY,
 };
 
 /* find a CSS class in an HTML element's `class` attribute */

data/lib/nokogiri/version/constant.rb

@@ -2,5 +2,5 @@
 
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = "1.19.3"
+  VERSION = "1.19.4"
 end

data/lib/nokogiri/version/info.rb

@@ -53,6 +53,14 @@ module Nokogiri
       defined?(Nokogiri::LIBXML_ICONV_ENABLED) && Nokogiri::LIBXML_ICONV_ENABLED
     end
 
+    def libxml2_has_zlib?
+      defined?(Nokogiri::LIBXML_ZLIB_ENABLED) && Nokogiri::LIBXML_ZLIB_ENABLED
+    end
+
+    def libxml2_has_http?
+      defined?(Nokogiri::LIBXML_HTTP_ENABLED) && Nokogiri::LIBXML_HTTP_ENABLED
+    end
+
     def libxslt_has_datetime?
       defined?(Nokogiri::LIBXSLT_DATETIME_ENABLED) && Nokogiri::LIBXSLT_DATETIME_ENABLED
     end
@@ -145,6 +153,8 @@ module Nokogiri
             end
             libxml["memory_management"] = Nokogiri::LIBXML_MEMORY_MANAGEMENT
             libxml["iconv_enabled"] = libxml2_has_iconv?
+            libxml["zlib_enabled"] = libxml2_has_zlib?
+            libxml["http_enabled"] = libxml2_has_http?
             libxml["compiled"] = compiled_libxml_version.to_s
             libxml["loaded"] = loaded_libxml_version.to_s
           end

data/lib/nokogiri/xml/document.rb

@@ -85,8 +85,9 @@ module Nokogiri
             read_memory(string_or_io, url, encoding, options.to_i)
           end
 
-          # do xinclude processing
-          doc.do_xinclude(options) if options.xinclude?
+          # do xinclude processing; the document is freshly parsed and unexposed to Ruby, so the
+          # defensive copy is unnecessary
+          doc.do_xinclude(options, safe_copy: false) if options.xinclude?
 
           doc
         end

data/lib/nokogiri/xml/node.rb

@@ -523,16 +523,67 @@ module Nokogiri
         set_namespace(ns)
       end
 
+      XINCLUDE_NAMESPACES = {
+        "xi2001" => "http://www.w3.org/2001/XInclude",
+        "xi2003" => "http://www.w3.org/2003/XInclude",
+      }.freeze
+      private_constant :XINCLUDE_NAMESPACES
+
+      # Every top-level <xi:include> in the subtree, in either XInclude namespace, excluding
+      # includes nested inside another include's fallback (libxml2 only expands those if the
+      # parent include fails).
+      XINCLUDE_QUERY =
+        "descendant-or-self::xi2001:include[not(ancestor::xi2001:include) and not(ancestor::xi2003:include)] | " \
+        "descendant-or-self::xi2003:include[not(ancestor::xi2001:include) and not(ancestor::xi2003:include)]"
+      private_constant :XINCLUDE_QUERY
+
       ###
-      # Do xinclude substitution on the subtree below node. If given a block, a
-      # Nokogiri::XML::ParseOptions object initialized from +options+, will be
-      # passed to it, allowing more convenient modification of the parser options.
-      def do_xinclude(options = XML::ParseOptions::DEFAULT_XML)
+      # :call-seq:
+      #   do_xinclude(options = ParseOptions::DEFAULT_XML, safe_copy: true) → self
+      #   do_xinclude(options = ParseOptions::DEFAULT_XML, safe_copy: true) { |options| ... } → self
+      #
+      # Do XInclude substitution on the subtree below this node, replacing each +<xi:include>+ with
+      # the content it references.
+      #
+      # [Parameters]
+      # - +options+ (Nokogiri::XML::ParseOptions) The parser options for the substitution. (default
+      #   +ParseOptions::DEFAULT_XML+)
+      #
+      # [Optional Keyword Arguments]
+      # - +safe_copy:+ (Boolean) Operate on a defensive copy of each +<xi:include>+ element, to
+      #   prevent libxml2 from freeing memory that is bound to live Ruby objects. (default +true+)
+      #
+      #   When +true+, each +<xi:include>+ is processed on an unwrapped copy of itself, so libxml2
+      #   frees the copy while the original node is unlinked from the document and kept alive. This
+      #   prevents a use-after-free when the +<xi:include>+ node, or any of its descendants or
+      #   namespaces, has already been exposed to Ruby; as a consequence such a wrapped node ends up
+      #   detached from the document rather than removed or converted in place.
+      #
+      #   When +false+, the document is processed in place. This is faster but only safe when nothing
+      #   in the subtree has been exposed to Ruby (for example, immediately after parsing), which is
+      #   why Document.parse uses it.
+      #
+      #   This option has no effect on the pure-Java backend, which performs XInclude substitution
+      #   during parsing.
+      #
+      # [Yields]
+      #   If a block is given, a Nokogiri::XML::ParseOptions object initialized from +options+ is
+      #   yielded to it, which can be configured before substitution.
+      #
+      # [Returns] +self+ (Nokogiri::XML::Node)
+      def do_xinclude(options = XML::ParseOptions::DEFAULT_XML, safe_copy: true)
         options = Nokogiri::XML::ParseOptions.new(options) if Integer === options
         yield options if block_given?
 
-        # call c extension
-        process_xincludes(options.to_i)
+        if safe_copy && Nokogiri.uses_libxml?
+          xpath(XINCLUDE_QUERY, XINCLUDE_NAMESPACES).each do |include_node|
+            include_node.safe_process_xinclude(options.to_i)
+          end
+        else
+          process_xincludes(options.to_i)
+        end
+
+        self
       end
 
       alias_method :next, :next_sibling

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-  version: 1.19.3
+  version: 1.19.4
 platform: java
 authors:
 - Mike Dalessio
@@ -19,7 +19,7 @@ authors:
 - Nobuyoshi Nakada
 bindir: bin
 cert_chain: []
-date: 2026-04-27 00:00:00.000000000 Z
+date: 2026-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jar-dependencies