rexml 3.2.6 → 3.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2583ae302aa5e698f0887a689c416e5debe0533ac472a9f96fce6a8912040fd8
-  data.tar.gz: b0ffa6301fd899969a78e060ccaeafebfc2169e3c63ff499ebc6170468866475
+  metadata.gz: 75f7d0bba9d8346e2374abacaf7aea57044c66f368a695521bc16f6b07e31eaf
+  data.tar.gz: 674cf531dbe9684f3cc9945255aec412d0b80ae0117da3c57552c5ae3bbc66a1
 SHA512:
-  metadata.gz: f63fb0b84ef51e790cc6310244f2106d8c47ec9a00687c58c743afda82b60be9986d503c6f56f947db06f6758707facccd03405c4d1009376e856080aa26d0e4
-  data.tar.gz: db62bea7391837a7ab4cfc5cb5a412ed4deb8d232653ca66d93a323a5a76383eed520cd4ced5b20204f29b04e84678791cd6f807195868f5d4a5e519a73d2aaf
+  metadata.gz: c36c00f2e2c0ed931c85a0e0fb7720771d314f93fa1e66e1057b4e8fb7fe1d1bd3f50debdfa05587e511f1cad8d7345aa8066b18392554da6e8f6baad6a3b9d7
+  data.tar.gz: dc53db592782ad36f083493b8864d49872b8c989b9e2f5d9a1811d56fae3100cf2cad27bb4ab81b9d308715da523d0a4f71d4e236e5847d540d0e92a85c1bd20

data/NEWS.md

@@ -1,5 +1,530 @@
 # News
 
+## 3.4.2 - 2025-08-26 {#version-3-4-2}
+
+### Improvement
+
+  * Improved performance.
+    * GH-244
+    * GH-245
+    * GH-246
+    * GH-249
+    * GH-256
+    * Patch by NAITOH Jun
+
+  * Raise appropriate exception when failing to match start tag in DOCTYPE
+    * GH-247
+    * Patch by NAITOH Jun
+
+  * Deprecate accepting array as an element in XPath.match, first and each
+    * GH-252
+    * Patch by tomoya ishida
+
+  * Don't call needless encoding_updated
+    * GH-259
+    * Patch by Sutou Kouhei
+
+  * Reuse XPath::match
+    * GH-263
+    * Patch by pboling
+
+  * Cache redundant calls for doctype
+    * GH-264
+    * Patch by pboling
+
+  * Use Safe Navigation (&.) from Ruby 2.3
+    * GH-265
+    * Patch by pboling
+
+  * Remove redundant return statements
+    * GH-266
+    * Patch by pboling
+
+  * Added XML declaration check & Source#skip_spaces method
+    * GH-282
+    * Patch by NAITOH Jun
+    * Reported by Sofi Aberegg
+
+### Fixes
+
+  * Fix docs typo
+    * GH-248
+    * Patch by James Coleman
+
+  * Fix reverse sort in xpath_parser
+    * GH-251
+    * Patch by tomoya ishida
+
+  * Fix duplicate responses in XPath following, following-sibling, preceding, preceding-sibling
+    * GH-255
+    * Patch by NAITOH Jun
+
+  * Fix wrong Encoding resolution
+    * GH-258
+    * Patch by Sutou Kouhei
+
+  * Handle nil when parsing fragment
+    * GH-267
+    * GH-268
+    * Patch by pboling
+
+  * [Documentation] Use # to reference instance methods
+    * GH-269
+    * GH-270
+    * Patch by pboling
+
+  * Fix & Deprecate REXML::Text#text_indent
+    * GH-273
+    * GH-275
+    * Patch by pboling
+
+  * remove bundler from dev deps
+    * GH-276
+    * GH-277
+    * Patch by pboling
+
+  * remove ostruct from dev deps
+    * GH-280
+    * GH-281
+    * Patch by pboling
+
+### Thanks
+
+  * NAITOH Jun
+
+  * tomoya ishida
+
+  * James Coleman
+
+  * pboling
+
+  * Sutou Kouhei
+
+  * Sofi Aberegg
+
+## 3.4.1 - 2025-02-16 {#version-3-4-1}
+
+### Improvement
+
+  * Improved performance.
+    * GH-226
+    * GH-227
+    * GH-237
+    * Patch by NAITOH Jun
+
+### Fixes
+
+  * Fix serialization of ATTLIST is incorrect
+    * GH-233
+    * GH-234
+    * Patch by OlofKalufs
+    * Reported by OlofKalufs
+
+### Thanks
+
+  * NAITOH Jun
+
+  * OlofKalufs
+
+## 3.4.0 - 2024-12-15 {#version-3-4-0}
+
+### Improvement
+
+  * Improved performance.
+    * GH-216
+    * Patch by NAITOH Jun
+
+  * JRuby: Improved parse performance.
+    * GH-219
+    * Patch by João Duarte
+
+  * Added support for reusing pull parser.
+    * GH-214
+    * GH-220
+    * Patch by Dmitry Pogrebnoy
+
+  * Improved error handling when source is `IO`.
+    * GH-221
+    * Patch by NAITOH Jun
+
+### Thanks
+
+  * NAITOH Jun
+
+  * João Duarte
+
+  * Dmitry Pogrebnoy
+
+## 3.3.9 - 2024-10-24 {#version-3-3-9}
+
+### Improvements
+
+  * Improved performance.
+    * GH-210
+    * Patch by NAITOH Jun.
+
+### Fixes
+
+  * Fixed a parse bug for text only invalid XML.
+    * GH-215
+    * Patch by NAITOH Jun.
+
+  * Fixed a parse bug that `&#0x...;` is accepted as a character
+    reference.
+
+### Thanks
+
+  * NAITOH Jun
+
+## 3.3.8 - 2024-09-29 {#version-3-3-8}
+
+### Improvements
+
+  * SAX2: Improve parse performance.
+    * GH-207
+    * Patch by NAITOH Jun.
+
+### Fixes
+
+  * Fixed a bug that unexpected attribute namespace conflict error for
+    the predefined "xml" namespace is reported.
+    * GH-208
+    * Patch by KITAITI Makoto
+
+### Thanks
+
+  * NAITOH Jun
+
+  * KITAITI Makoto
+
+## 3.3.7 - 2024-09-04 {#version-3-3-7}
+
+### Improvements
+
+  * Added local entity expansion limit methods
+    * GH-192
+    * GH-202
+    * Reported by takuya kodama.
+    * Patch by NAITOH Jun.
+
+  * Removed explicit strscan dependency
+    * GH-204
+    * Patch by Bo Anderson.
+
+### Thanks
+
+  * takuya kodama
+
+  * NAITOH Jun
+
+  * Bo Anderson
+
+## 3.3.6 - 2024-08-22 {#version-3-3-6}
+
+### Improvements
+
+  * Removed duplicated entity expansions for performance.
+    * GH-194
+    * Patch by Viktor Ivarsson.
+
+  * Improved namespace conflicted attribute check performance. It was
+    too slow for deep elements.
+    * Reported by l33thaxor.
+
+### Fixes
+
+  * Fixed a bug that default entity expansions are counted for
+    security check. Default entity expansions should not be counted
+    because they don't have a security risk.
+    * GH-198
+    * GH-199
+    * Patch Viktor Ivarsson
+
+  * Fixed a parser bug that parameter entity references in internal
+    subsets are expanded. It's not allowed in the XML specification.
+    * GH-191
+    * Patch by NAITOH Jun.
+
+  * Fixed a stream parser bug that user-defined entity references in
+    text aren't expanded.
+    * GH-200
+    * Patch by NAITOH Jun.
+
+### Thanks
+
+  * Viktor Ivarsson
+
+  * NAITOH Jun
+
+  * l33thaxor
+
+## 3.3.5 - 2024-08-12 {#version-3-3-5}
+
+### Fixes
+
+  * Fixed a bug that `REXML::Security.entity_expansion_text_limit`
+    check has wrong text size calculation in SAX and pull parsers.
+    * GH-193
+    * GH-195
+    * Reported by Viktor Ivarsson.
+    * Patch by NAITOH Jun.
+
+### Thanks
+
+  * Viktor Ivarsson
+
+  * NAITOH Jun
+
+## 3.3.4 - 2024-08-01 {#version-3-3-4}
+
+### Fixes
+
+  * Fixed a bug that `REXML::Security` isn't defined when
+    `REXML::Parsers::StreamParser` is used and
+    `rexml/parsers/streamparser` is only required.
+    * GH-189
+    * Patch by takuya kodama.
+
+### Thanks
+
+  * takuya kodama
+
+## 3.3.3 - 2024-08-01 {#version-3-3-3}
+
+### Improvements
+
+  * Added support for detecting invalid XML that has unsupported
+    content before root element
+    * GH-184
+    * Patch by NAITOH Jun.
+
+  * Added support for `REXML::Security.entity_expansion_limit=` and
+    `REXML::Security.entity_expansion_text_limit=` in SAX2 and pull
+    parsers
+    * GH-187
+    * Patch by NAITOH Jun.
+
+  * Added more tests for invalid XMLs.
+    * GH-183
+    * Patch by Watson.
+
+  * Added more performance tests.
+    * Patch by Watson.
+
+  * Improved parse performance.
+    * GH-186
+    * Patch by tomoya ishida.
+
+### Thanks
+
+  * NAITOH Jun
+
+  * Watson
+
+  * tomoya ishida
+
+## 3.3.2 - 2024-07-16 {#version-3-3-2}
+
+### Improvements
+
+  * Improved parse performance.
+    * GH-160
+    * Patch by NAITOH Jun.
+
+  * Improved parse performance.
+    * GH-169
+    * GH-170
+    * GH-171
+    * GH-172
+    * GH-173
+    * GH-174
+    * GH-175
+    * GH-176
+    * GH-177
+    * Patch by Watson.
+
+  * Added support for raising a parse exception when an XML has extra
+    content after the root element.
+    * GH-161
+    * Patch by NAITOH Jun.
+
+  * Added support for raising a parse exception when an XML
+    declaration exists in wrong position.
+    * GH-162
+    * Patch by NAITOH Jun.
+
+  * Removed needless a space after XML declaration in pretty print mode.
+    * GH-164
+    * Patch by NAITOH Jun.
+
+  * Stopped to emit `:text` event after the root element.
+    * GH-167
+    * Patch by NAITOH Jun.
+
+### Fixes
+
+  * Fixed a bug that SAX2 parser doesn't expand predefined entities for
+    `characters` callback.
+    * GH-168
+    * Patch by NAITOH Jun.
+
+### Thanks
+
+  * NAITOH Jun
+
+  * Watson
+
+## 3.3.1 - 2024-06-25 {#version-3-3-1}
+
+### Improvements
+
+  * Added support for detecting malformed top-level comments.
+    * GH-145
+    * Patch by Hiroya Fujinami.
+
+  * Improved `REXML::Element#attribute` performance.
+    * GH-146
+    * Patch by Hiroya Fujinami.
+
+  * Added support for detecting malformed `<!-->` comments.
+    * GH-147
+    * Patch by Hiroya Fujinami.
+
+  * Added support for detecting unclosed `DOCTYPE`.
+    * GH-152
+    * Patch by Hiroya Fujinami.
+
+  * Added `changlog_uri` metadata to gemspec.
+    * GH-156
+    * Patch by fynsta.
+
+  * Improved parse performance.
+    * GH-157
+    * GH-158
+    * Patch by NAITOH Jun.
+
+### Fixes
+
+  * Fixed a bug that large XML can't be parsed.
+    * GH-154
+    * Patch by NAITOH Jun.
+
+  * Fixed a bug that private constants are visible.
+    * GH-155
+    * Patch by NAITOH Jun.
+
+### Thanks
+
+  * Hiroya Fujinami
+
+  * NAITOH Jun
+
+  * fynsta
+
+## 3.3.0 - 2024-06-11 {#version-3-3-0}
+
+### Improvements
+
+  * Added support for strscan 0.7.0 installed with Ruby 2.6.
+    * GH-142
+    * Reported by Fernando Trigoso.
+
+### Thanks
+
+  * Fernando Trigoso
+
+## 3.2.9 - 2024-06-09 {#version-3-2-9}
+
+### Improvements
+
+  * Added support for old strscan.
+    * GH-132
+    * Reported by Adam.
+
+  * Improved attribute value parse performance.
+    * GH-135
+    * Patch by NAITOH Jun.
+
+  * Improved `REXML::Node#each_recursive` performance.
+    * GH-134
+    * GH-139
+    * Patch by Hiroya Fujinami.
+
+  * Improved text parse performance.
+    * Reported by mprogrammer.
+
+### Thanks
+
+  * Adam
+  * NAITOH Jun
+  * Hiroya Fujinami
+  * mprogrammer
+
+## 3.2.8 - 2024-05-16 {#version-3-2-8}
+
+### Fixes
+
+  * Suppressed a warning
+
+## 3.2.7 - 2024-05-16 {#version-3-2-7}
+
+### Improvements
+
+  * Improve parse performance by using `StringScanner`.
+
+    * GH-106
+    * GH-107
+    * GH-108
+    * GH-109
+    * GH-112
+    * GH-113
+    * GH-114
+    * GH-115
+    * GH-116
+    * GH-117
+    * GH-118
+    * GH-119
+    * GH-121
+
+    * Patch by NAITOH Jun.
+
+  * Improved parse performance when an attribute has many `>`s.
+
+    * GH-126
+
+### Fixes
+
+  * XPath: Fixed a bug of `normalize_space(array)`.
+
+    * GH-110
+    * GH-111
+
+    * Patch by flatisland.
+
+  * XPath: Fixed a bug that wrong position is used with nested path.
+
+    * GH-110
+    * GH-122
+
+    * Reported by jcavalieri.
+    * Patch by NAITOH Jun.
+
+  * Fixed a bug that an exception message can't be generated for
+    invalid encoding XML.
+
+    * GH-29
+    * GH-123
+
+    * Reported by DuKewu.
+    * Patch by NAITOH Jun.
+
+### Thanks
+
+  * NAITOH Jun
+  * flatisland
+  * jcavalieri
+  * DuKewu
+
 ## 3.2.6 - 2023-07-27 {#version-3-2-6}
 
 ### Improvements

data/lib/rexml/attribute.rb

@@ -130,10 +130,7 @@ module REXML
     end
 
     def doctype
-      if @element
-        doc = @element.document
-        doc.doctype if doc
-      end
+      @element&.document&.doctype
     end
 
     # Returns the attribute value, with entities replaced
@@ -148,8 +145,9 @@ module REXML
     # have been expanded to their values
     def value
       return @unnormalized if @unnormalized
-      @unnormalized = Text::unnormalize( @normalized, doctype )
-      @unnormalized
+
+      @unnormalized = Text::unnormalize(@normalized, doctype,
+                                        entity_expansion_text_limit: @element&.document&.entity_expansion_text_limit)
     end
 
     # The normalized value of this attribute.  That is, the attribute with
@@ -172,7 +170,7 @@ module REXML
       @element = element
 
       if @normalized
-        Text.check( @normalized, NEEDS_A_SECOND_CHECK, doctype )
+        Text.check( @normalized, NEEDS_A_SECOND_CHECK )
       end
 
       self
@@ -201,9 +199,11 @@ module REXML
     end
 
     def xpath
-      path = @element.xpath
-      path += "/@#{self.expanded_name}"
-      return path
+      @element.xpath + "/@#{self.expanded_name}"
+    end
+
+    def document
+      @element&.document
     end
   end
 end

data/lib/rexml/cdata.rb

@@ -58,7 +58,7 @@ module REXML
     #  c = CData.new( " Some text " )
     #  c.write( $stdout )     #->  <![CDATA[ Some text ]]>
     def write( output=$stdout, indent=-1, transitive=false, ie_hack=false )
-      Kernel.warn( "#{self.class.name}.write is deprecated", uplevel: 1)
+      Kernel.warn( "#{self.class.name}#write is deprecated", uplevel: 1)
       indent( output, indent )
       output << START
       output << @string

data/lib/rexml/child.rb

@@ -83,13 +83,12 @@ module REXML
     # Returns:: the document this child belongs to, or nil if this child
     # belongs to no document
     def document
-      return parent.document unless parent.nil?
-      nil
+      parent&.document
     end
 
     # This doesn't yet handle encodings
     def bytes
-      document.encoding
+      document&.encoding
 
       to_s
     end

data/lib/rexml/comment.rb

@@ -48,7 +48,7 @@ module REXML
     # ie_hack::
     #    Needed for conformity to the child API, but not used by this class.
     def write( output, indent=-1, transitive=false, ie_hack=false )
-      Kernel.warn("Comment.write is deprecated.  See REXML::Formatters", uplevel: 1)
+      Kernel.warn("#{self.class.name}#write is deprecated.  See REXML::Formatters", uplevel: 1)
       indent( output, indent )
       output << START
       output << @string

data/lib/rexml/doctype.rb

@@ -171,15 +171,11 @@ module REXML
     end
 
     def context
-      if @parent
-        @parent.context
-      else
-        nil
-      end
+      @parent&.context
     end
 
     def entity( name )
-      @entities[name].unnormalized if @entities[name]
+      @entities[name]&.unnormalized
     end
 
     def add child
@@ -288,8 +284,7 @@ module REXML
     end
 
     def to_s
-      context = nil
-      context = parent.context if parent
+      context = parent&.context
       notation = "<!NOTATION #{@name}"
       reference_writer = ReferenceWriter.new(@middle, @public, @system, context)
       reference_writer.write(notation)

data/lib/rexml/document.rb

@@ -91,6 +91,8 @@ module REXML
     #
     def initialize( source = nil, context = {} )
       @entity_expansion_count = 0
+      @entity_expansion_limit = Security.entity_expansion_limit
+      @entity_expansion_text_limit = Security.entity_expansion_text_limit
       super()
       @context = context
       return if source.nil?
@@ -307,8 +309,8 @@ module REXML
     end
 
     # :call-seq:
-    #    doc.write(output=$stdout, indent=-1, transtive=false, ie_hack=false, encoding=nil)
-    #    doc.write(options={:output => $stdout, :indent => -1, :transtive => false, :ie_hack => false, :encoding => nil})
+    #    doc.write(output=$stdout, indent=-1, transitive=false, ie_hack=false, encoding=nil)
+    #    doc.write(options={:output => $stdout, :indent => -1, :transitive => false, :ie_hack => false, :encoding => nil})
     #
     # Write the XML tree out, optionally with indent.  This writes out the
     # entire XML document, including XML declarations, doctype declarations,
@@ -413,7 +415,7 @@ module REXML
     #
     # Deprecated. Use REXML::Security.entity_expansion_limit= instead.
     def Document::entity_expansion_limit
-      return Security.entity_expansion_limit
+      Security.entity_expansion_limit
     end
 
     # Set the entity expansion limit. By default the limit is set to 10240.
@@ -427,14 +429,16 @@ module REXML
     #
     # Deprecated. Use REXML::Security.entity_expansion_text_limit instead.
     def Document::entity_expansion_text_limit
-      return Security.entity_expansion_text_limit
+      Security.entity_expansion_text_limit
     end
 
     attr_reader :entity_expansion_count
+    attr_writer :entity_expansion_limit
+    attr_accessor :entity_expansion_text_limit
 
     def record_entity_expansion
       @entity_expansion_count += 1
-      if @entity_expansion_count > Security.entity_expansion_limit
+      if @entity_expansion_count > @entity_expansion_limit
         raise "number of entity expansions exceeded, processing aborted."
       end
     end
@@ -444,6 +448,20 @@ module REXML
     end
 
     private
+
+    attr_accessor :namespaces_cache
+
+    # New document level cache is created and available in this block.
+    # This API is thread unsafe. Users can't change this document in this block.
+    def enable_cache
+      @namespaces_cache = {}
+      begin
+        yield
+      ensure
+        @namespaces_cache = nil
+      end
+    end
+
     def build( source )
       Parsers::TreeParser.new( source, self ).parse
     end