rexml 3.3.6 → 3.3.9

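--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4b79c22060286dad847e18d30b4b336bda21d2772ccb35413fb9ba51a0012ed2
- data.tar.gz: feb56a4a3071541e983acd33b8baa6b9052f8d67d871102cfe6e69773a0cfcfe
+ metadata.gz: 9d8de4465de1e9548d66ad026772932f724b9747dc8b1c62960d8efeaeaa8412
+ data.tar.gz: 1cb29aaa36dcef98ba8bd4e9fa249959405f67fdb6bed54d12b466fdf43f57af
  SHA512:
- metadata.gz: b615c95f8624212e151443ad03ba9b64f39aee8a200ea212150a10116340157cfda1bf974ab3d03161c0fb37d866e8c1c69ccc6a9549a13398452b32166af2d8
- data.tar.gz: db7dcac658e1f51f30575c24d6f36dc256349331fa1951c8fdfaf214baf97a5a446a1fcc411358a76d2c6fc36388ec8b1178adeacc3225d16d5d95ac53a8c4b3
+ metadata.gz: 78c881a10f12e46e1b6710d6ec75e42e4311c233376a7587756bc098063d21f52a4d82bcac8201001bf7e39079b3db4015482dae5b4ba46e561ef75fa15b15a0
+ data.tar.gz: 8d7a4b94937ce7b0bdf6ed83152fe207098dfe45333498a64e50d5fe9a686dffa2f66913c1edf265470b2b6a04cfae20857f1cffa404c278249784eeb533d594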
data/NEWS.md CHANGED
@@ -1,5 +1,69 @@
1
1
  # News
2
2
 
3
+ ## 3.3.9 - 2024-10-24 {#version-3-3-9}
4
+
5
+ ### Improvements
6
+
7
+ * Improved performance.
8
+ * GH-210
9
+ * Patch by NAITOH Jun.
10
+
11
+ ### Fixes
12
+
13
+ * Fixed a parse bug for text only invalid XML.
14
+ * GH-215
15
+ * Patch by NAITOH Jun.
16
+
17
+ * Fixed a parse bug that `&#0x...;` is accepted as a character
18
+ reference.
19
+
20
+ ### Thanks
21
+
22
+ * NAITOH Jun
23
+
24
+ ## 3.3.8 - 2024-09-29 {#version-3-3-8}
25
+
26
+ ### Improvements
27
+
28
+ * SAX2: Improve parse performance.
29
+ * GH-207
30
+ * Patch by NAITOH Jun.
31
+
32
+ ### Fixes
33
+
34
+ * Fixed a bug that unexpected attribute namespace conflict error for
35
+ the predefined "xml" namespace is reported.
36
+ * GH-208
37
+ * Patch by KITAITI Makoto
38
+
39
+ ### Thanks
40
+
41
+ * NAITOH Jun
42
+
43
+ * KITAITI Makoto
44
+
45
+ ## 3.3.7 - 2024-09-04 {#version-3-3-7}
46
+
47
+ ### Improvements
48
+
49
+ * Added local entity expansion limit methods
50
+ * GH-192
51
+ * GH-202
52
+ * Reported by takuya kodama.
53
+ * Patch by NAITOH Jun.
54
+
55
+ * Removed explicit strscan dependency
56
+ * GH-204
57
+ * Patch by Bo Anderson.
58
+
59
+ ### Thanks
60
+
61
+ * takuya kodama
62
+
63
+ * NAITOH Jun
64
+
65
+ * Bo Anderson
66
+
3
67
  ## 3.3.6 - 2024-08-22 {#version-3-3-6}
4
68
 
5
69
  ### Improvements
@@ -148,8 +148,9 @@ module REXML
148
148
  # have been expanded to their values
149
149
  def value
150
150
  return @unnormalized if @unnormalized
151
- @unnormalized = Text::unnormalize( @normalized, doctype )
152
- @unnormalized
151
+
152
+ @unnormalized = Text::unnormalize(@normalized, doctype,
153
+ entity_expansion_text_limit: @element&.document&.entity_expansion_text_limit)
153
154
  end
154
155
 
155
156
  # The normalized value of this attribute. That is, the attribute with
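Review bot: The per-document text limit in `value` is reached only through `@element&.document&.entity_expansion_text_limit`, so an attribute that is not attached to an element or document passes `nil`; judging by the matching change to `Text::unnormalize` further down this page, that falls back to `Security.entity_expansion_text_limit`. The same pattern appears in `Entity#unnormalized` and `Text#value`. A caller who tightened the limit on one document would not see it applied to detached nodes, which deserves a line in the method comment, for example `# Uses the owning document's entity_expansion_text_limit when attached, otherwise the global Security default.` The result is also cached in `@unnormalized`, so a limit changed after the first call is not re-applied.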
@@ -91,6 +91,8 @@ module REXML
91
91
  #
92
92
  def initialize( source = nil, context = {} )
93
93
  @entity_expansion_count = 0
94
+ @entity_expansion_limit = Security.entity_expansion_limit
95
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
94
96
  super()
95
97
  @context = context
96
98
  return if source.nil?
@@ -431,10 +433,12 @@ module REXML
431
433
  end
432
434
 
433
435
  attr_reader :entity_expansion_count
436
+ attr_writer :entity_expansion_limit
437
+ attr_accessor :entity_expansion_text_limit
434
438
 
435
439
  def record_entity_expansion
436
440
  @entity_expansion_count += 1
437
- if @entity_expansion_count > Security.entity_expansion_limit
441
+ if @entity_expansion_count > @entity_expansion_limit
438
442
  raise "number of entity expansions exceeded, processing aborted."
439
443
  end
440
444
  end
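Review bot: `@entity_expansion_limit` and `@entity_expansion_text_limit` are copied from `Security` once in `initialize`, so a change to the global setting after a document exists no longer affects that document, and the new writers carry no comment saying so. `initialize` goes on to handle `source` below the hunk, so a limit assigned through the writer presumably cannot apply to the parse of a source passed to the constructor; that is worth confirming and documenting. The writers also accept any value: `nil` would make `@entity_expansion_count > @entity_expansion_limit` in `record_entity_expansion` fail with an unrelated comparison error. I would add a comment such as `# Per-document override of Security.entity_expansion_limit; captured at construction.` above the `attr_writer`, and say why only the text limit has a reader.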
data/lib/rexml/entity.rb CHANGED
@@ -71,9 +71,12 @@ module REXML
71
71
  # Evaluates to the unnormalized value of this entity; that is, replacing
72
72
  # &ent; entities.
73
73
  def unnormalized
74
- document.record_entity_expansion unless document.nil?
74
+ document&.record_entity_expansion
75
+
75
76
  return nil if @value.nil?
76
- @unnormalized = Text::unnormalize(@value, parent)
77
+
78
+ @unnormalized = Text::unnormalize(@value, parent,
79
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
77
80
  end
78
81
 
79
82
  #once :unnormalized
@@ -150,12 +150,13 @@ module REXML
150
150
  PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
151
151
  ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
152
152
  CARRIAGE_RETURN_NEWLINE_PATTERN = /\r\n?/
153
- CHARACTER_REFERENCES = /&#0*((?:\d+)|(?:x[a-fA-F0-9]+));/
153
+ CHARACTER_REFERENCES = /&#((?:\d+)|(?:x[a-fA-F0-9]+));/
154
154
  DEFAULT_ENTITIES_PATTERNS = {}
155
155
  default_entities = ['gt', 'lt', 'quot', 'apos', 'amp']
156
156
  default_entities.each do |term|
157
157
  DEFAULT_ENTITIES_PATTERNS[term] = /&#{term};/
158
158
  end
159
+ XML_PREFIXED_NAMESPACE = "http://www.w3.org/XML/1998/namespace"
159
160
  end
160
161
  private_constant :Private
161
162
 
@@ -164,6 +165,9 @@ module REXML
164
165
  @listeners = []
165
166
  @prefixes = Set.new
166
167
  @entity_expansion_count = 0
168
+ @entity_expansion_limit = Security.entity_expansion_limit
169
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
170
+ @source.ensure_buffer
167
171
  end
168
172
 
169
173
  def add_listener( listener )
@@ -172,6 +176,8 @@ module REXML
172
176
 
173
177
  attr_reader :source
174
178
  attr_reader :entity_expansion_count
179
+ attr_writer :entity_expansion_limit
180
+ attr_writer :entity_expansion_text_limit
175
181
 
176
182
  def stream=( source )
177
183
  @source = SourceFactory.create_from( source )
@@ -181,7 +187,7 @@ module REXML
181
187
  @tags = []
182
188
  @stack = []
183
189
  @entities = []
184
- @namespaces = {}
190
+ @namespaces = {"xml" => Private::XML_PREFIXED_NAMESPACE}
185
191
  @namespaces_restore_stack = []
186
192
  end
187
193
 
@@ -564,8 +570,12 @@ module REXML
564
570
  return rv if matches.size == 0
565
571
  rv.gsub!( Private::CHARACTER_REFERENCES ) {
566
572
  m=$1
567
- m = "0#{m}" if m[0] == ?x
568
- [Integer(m)].pack('U*')
573
+ if m.start_with?("x")
574
+ code_point = Integer(m[1..-1], 16)
575
+ else
576
+ code_point = Integer(m, 10)
577
+ end
578
+ [code_point].pack('U*')
569
579
  }
570
580
  matches.collect!{|x|x[0]}.compact!
571
581
  if filter
@@ -585,7 +595,7 @@ module REXML
585
595
  end
586
596
  re = Private::DEFAULT_ENTITIES_PATTERNS[entity_reference] || /&#{entity_reference};/
587
597
  rv.gsub!( re, entity_value )
588
- if rv.bytesize > Security.entity_expansion_text_limit
598
+ if rv.bytesize > @entity_expansion_text_limit
589
599
  raise "entity expansion has grown too large"
590
600
  end
591
601
  else
@@ -627,7 +637,7 @@ module REXML
627
637
 
628
638
  def record_entity_expansion(delta=1)
629
639
  @entity_expansion_count += delta
630
- if @entity_expansion_count > Security.entity_expansion_limit
640
+ if @entity_expansion_count > @entity_expansion_limit
631
641
  raise "number of entity expansions exceeded, processing aborted."
632
642
  end
633
643
  end
@@ -786,7 +796,7 @@ module REXML
786
796
  @source.match(/\s*/um, true)
787
797
  if prefix == "xmlns"
788
798
  if local_part == "xml"
789
- if value != "http://www.w3.org/XML/1998/namespace"
799
+ if value != Private::XML_PREFIXED_NAMESPACE
790
800
  msg = "The 'xml' prefix must not be bound to any other namespace "+
791
801
  "(http://www.w3.org/TR/REC-xml-names/#ns-decl)"
792
802
  raise REXML::ParseException.new( msg, @source, self )
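Review bot: In the `CHARACTER_REFERENCES` block, `code_point` goes straight to `[code_point].pack('U*')` with no visible check that it is a legal XML character, so a reference to 0, a surrogate or a value above 0x10FFFF is not rejected in these lines. The stricter pattern and the explicit radix fix the `&#0x...;` case, but the value range is a separate question, and the enclosing method starts outside the hunk, so a check may exist elsewhere. If none does, a guard before the pack that raises `REXML::ParseException.new( msg, @source, self )` unless the value is 0x9, 0xA, 0xD or falls within 0x20..0xD7FF, 0xE000..0xFFFD or 0x10000..0x10FFFF would match the XML `Char` production. A short comment on `CHARACTER_REFERENCES` saying that leading zeros are now handled by `Integer(m, 10)` rather than by the pattern would also help the next reader.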
@@ -51,6 +51,14 @@ module REXML
51
51
  @parser.entity_expansion_count
52
52
  end
53
53
 
54
+ def entity_expansion_limit=( limit )
55
+ @parser.entity_expansion_limit = limit
56
+ end
57
+
58
+ def entity_expansion_text_limit=( limit )
59
+ @parser.entity_expansion_text_limit = limit
60
+ end
61
+
54
62
  def each
55
63
  while has_next?
56
64
  yield self.pull
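Review bot: `entity_expansion_limit=` and `entity_expansion_text_limit=` forward whatever they are given to `@parser`, and the identical setters added to the SAX2 and stream parsers do the same. The base parser compares with `@entity_expansion_count > @entity_expansion_limit` and `rv.bytesize > @entity_expansion_text_limit`, so `nil` or a non-numeric value would surface as a comparison error in the middle of a parse rather than at the assignment. A one-line check in the setter, e.g. `raise ArgumentError, "limit must be an Integer" unless limit.is_a?(Integer)`, and a comment giving the unit (expansion count versus bytes) would make this hardening knob harder to misconfigure.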
@@ -26,6 +26,14 @@ module REXML
26
26
  @parser.entity_expansion_count
27
27
  end
28
28
 
29
+ def entity_expansion_limit=( limit )
30
+ @parser.entity_expansion_limit = limit
31
+ end
32
+
33
+ def entity_expansion_text_limit=( limit )
34
+ @parser.entity_expansion_text_limit = limit
35
+ end
36
+
29
37
  def add_listener( listener )
30
38
  @parser.add_listener( listener )
31
39
  end
@@ -251,6 +259,8 @@ module REXML
251
259
  end
252
260
 
253
261
  def get_namespace( prefix )
262
+ return nil if @namespace_stack.empty?
263
+
254
264
  uris = (@namespace_stack.find_all { |ns| not ns[prefix].nil? }) ||
255
265
  (@namespace_stack.find { |ns| not ns[nil].nil? })
256
266
  uris[-1][prefix] unless uris.nil? or 0 == uris.size
@@ -18,6 +18,14 @@ module REXML
18
18
  @parser.entity_expansion_count
19
19
  end
20
20
 
21
+ def entity_expansion_limit=( limit )
22
+ @parser.entity_expansion_limit = limit
23
+ end
24
+
25
+ def entity_expansion_text_limit=( limit )
26
+ @parser.entity_expansion_text_limit = limit
27
+ end
28
+
21
29
  def parse
22
30
  # entity string
23
31
  while true
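--- a/data/lib/rexml/rexml.rb
+++ b/data/lib/rexml/rexml.rb
@@ -31,7 +31,7 @@
  module REXML
  COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
  DATE = "2008/019"
- VERSION = "3.3.6"
+ VERSION = "3.3.9"
  REVISION = ""
 
  Copyright = COPYRIGHT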
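--- a/data/lib/rexml/source.rb
+++ b/data/lib/rexml/source.rb
@@ -77,6 +77,7 @@ module REXML
  detect_encoding
  end
  @line = 0
+ @term_encord = {}
  end
 
  # The current buffer (what we're going to read next)
@@ -227,7 +228,7 @@ module REXML
 
  def read_until(term)
  pattern = Private::PRE_DEFINED_TERM_PATTERNS[term] || /#{Regexp.escape(term)}/
- term = encode(term)
+ term = @term_encord[term] ||= encode(term)
  until str = @scanner.scan_until(pattern)
  break if @source.nil?
  break if @source.eof?
@@ -294,14 +295,19 @@ module REXML
 
  private
  def readline(term = nil)
- str = @source.readline(term || @line_break)
  if @pending_buffer
+ begin
+ str = @source.readline(term || @line_break)
+ rescue IOError
+ end
  if str.nil?
  str = @pending_buffer
  else
  str = @pending_buffer + str
  end
  @pending_buffer = nil
+ else
+ str = @source.readline(term || @line_break)
  end
  return nil if str.nil?
 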
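Review bot: The `rescue IOError` added in `readline` has an empty body and no comment, so any I/O failure while a pending buffer exists is silently treated as end of input and the pending buffer is returned alone. If that is meant to cover only a closed or exhausted stream, say so on the line: `rescue IOError # stream already closed; fall back to the pending buffer`. Without a pending buffer the same call still propagates the error, and that asymmetry should be explained too. Separately, `@term_encord` looks like a typo for `@term_encoded`, and the cache it names grows by one entry per distinct `term`, which is fine only if callers pass a fixed set of terminators.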
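--- a/data/lib/rexml/text.rb
+++ b/data/lib/rexml/text.rb
@@ -268,7 +268,8 @@ module REXML
  # u = Text.new( "sean russell", false, nil, true )
  # u.value #-> "sean russell"
  def value
- @unnormalized ||= Text::unnormalize( @string, doctype )
+ @unnormalized ||= Text::unnormalize(@string, doctype,
+ entity_expansion_text_limit: document&.entity_expansion_text_limit)
  end
 
  # Sets the contents of this text node. This expects the text to be
@@ -411,11 +412,12 @@ module REXML
  end
 
  # Unescapes all possible entities
- def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
+ def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil, entity_expansion_text_limit: nil )
+ entity_expansion_text_limit ||= Security.entity_expansion_text_limit
  sum = 0
  string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
  s = Text.expand($&, doctype, filter)
- if sum + s.bytesize > Security.entity_expansion_text_limit
+ if sum + s.bytesize > entity_expansion_text_limit
  raise "entity expansion has grown too large"
  else
  sum += s.bytesize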
metadata CHANGED
@@ -1,28 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rexml
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.3.6
4
+ version: 3.3.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kouhei Sutou
8
8
  bindir: bin
9
9
  cert_chain: []
10
- date: 2024-08-22 00:00:00.000000000 Z
11
- dependencies:
12
- - !ruby/object:Gem::Dependency
13
- name: strscan
14
- requirement: !ruby/object:Gem::Requirement
15
- requirements:
16
- - - ">="
17
- - !ruby/object:Gem::Version
18
- version: '0'
19
- type: :runtime
20
- prerelease: false
21
- version_requirements: !ruby/object:Gem::Requirement
22
- requirements:
23
- - - ">="
24
- - !ruby/object:Gem::Version
25
- version: '0'
10
+ date: 2024-10-24 00:00:00.000000000 Z
11
+ dependencies: []
26
12
  description: An XML toolkit for Ruby
27
13
  email:
28
14
  - kou@cozmixng.org
@@ -116,7 +102,7 @@ homepage: https://github.com/ruby/rexml
116
102
  licenses:
117
103
  - BSD-2-Clause
118
104
  metadata:
119
- changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.6
105
+ changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.9
120
106
  rdoc_options:
121
107
  - "--main"
122
108
  - README.md