rexml 3.3.6 → 3.3.9
- checksums.yaml +4 -4
- data/NEWS.md +64 -0
- data/lib/rexml/attribute.rb +3 -2
- data/lib/rexml/document.rb +5 -1
- data/lib/rexml/entity.rb +5 -2
- data/lib/rexml/parsers/baseparser.rb +17 -7
- data/lib/rexml/parsers/pullparser.rb +8 -0
- data/lib/rexml/parsers/sax2parser.rb +10 -0
- data/lib/rexml/parsers/streamparser.rb +8 -0
- data/lib/rexml/rexml.rb +1 -1
- data/lib/rexml/source.rb +8 -2
- data/lib/rexml/text.rb +5 -3
- metadata +4 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9d8de4465de1e9548d66ad026772932f724b9747dc8b1c62960d8efeaeaa8412
|
4
|
+
data.tar.gz: 1cb29aaa36dcef98ba8bd4e9fa249959405f67fdb6bed54d12b466fdf43f57af
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 78c881a10f12e46e1b6710d6ec75e42e4311c233376a7587756bc098063d21f52a4d82bcac8201001bf7e39079b3db4015482dae5b4ba46e561ef75fa15b15a0
|
7
|
+
data.tar.gz: 8d7a4b94937ce7b0bdf6ed83152fe207098dfe45333498a64e50d5fe9a686dffa2f66913c1edf265470b2b6a04cfae20857f1cffa404c278249784eeb533d594
|
data/NEWS.md
CHANGED
@@ -1,5 +1,69 @@
|
|
1
1
|
# News
|
2
2
|
|
3
|
+
## 3.3.9 - 2024-10-24 {#version-3-3-9}
|
4
|
+
|
5
|
+
### Improvements
|
6
|
+
|
7
|
+
* Improved performance.
|
8
|
+
* GH-210
|
9
|
+
* Patch by NAITOH Jun.
|
10
|
+
|
11
|
+
### Fixes
|
12
|
+
|
13
|
+
* Fixed a parse bug for text only invalid XML.
|
14
|
+
* GH-215
|
15
|
+
* Patch by NAITOH Jun.
|
16
|
+
|
17
|
+
* Fixed a parse bug that `�x...;` is accepted as a character
|
18
|
+
reference.
|
19
|
+
|
20
|
+
### Thanks
|
21
|
+
|
22
|
+
* NAITOH Jun
|
23
|
+
|
24
|
+
## 3.3.8 - 2024-09-29 {#version-3-3-8}
|
25
|
+
|
26
|
+
### Improvements
|
27
|
+
|
28
|
+
* SAX2: Improve parse performance.
|
29
|
+
* GH-207
|
30
|
+
* Patch by NAITOH Jun.
|
31
|
+
|
32
|
+
### Fixes
|
33
|
+
|
34
|
+
* Fixed a bug that unexpected attribute namespace conflict error for
|
35
|
+
the predefined "xml" namespace is reported.
|
36
|
+
* GH-208
|
37
|
+
* Patch by KITAITI Makoto
|
38
|
+
|
39
|
+
### Thanks
|
40
|
+
|
41
|
+
* NAITOH Jun
|
42
|
+
|
43
|
+
* KITAITI Makoto
|
44
|
+
|
45
|
+
## 3.3.7 - 2024-09-04 {#version-3-3-7}
|
46
|
+
|
47
|
+
### Improvements
|
48
|
+
|
49
|
+
* Added local entity expansion limit methods
|
50
|
+
* GH-192
|
51
|
+
* GH-202
|
52
|
+
* Reported by takuya kodama.
|
53
|
+
* Patch by NAITOH Jun.
|
54
|
+
|
55
|
+
* Removed explicit strscan dependency
|
56
|
+
* GH-204
|
57
|
+
* Patch by Bo Anderson.
|
58
|
+
|
59
|
+
### Thanks
|
60
|
+
|
61
|
+
* takuya kodama
|
62
|
+
|
63
|
+
* NAITOH Jun
|
64
|
+
|
65
|
+
* Bo Anderson
|
66
|
+
|
3
67
|
## 3.3.6 - 2024-08-22 {#version-3-3-6}
|
4
68
|
|
5
69
|
### Improvements
|
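--- a/data/lib/rexml/attribute.rb
+++ b/data/lib/rexml/attribute.rb
@@ -148,8 +148,9 @@ module REXML
 # have been expanded to their values
 def value
 return @unnormalized if @unnormalized
-
-@unnormalized
+
+@unnormalized = Text::unnormalize(@normalized, doctype,
+entity_expansion_text_limit: @element&.document&.entity_expansion_text_limit)
 end
 
 # The normalized value of this attribute. That is, the attribute with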
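Review bot: `value` memoises the expanded string in `@unnormalized`, so the document's `entity_expansion_text_limit` is applied only on the first call; lowering the limit on the document afterwards does not re-check an attribute that was already expanded. When the attribute has no element or document, the `&.` chain yields nil and, per the `Text::unnormalize` change in text.rb, the process-wide `Security.entity_expansion_text_limit` is used instead. A short comment above the call would make both points visible, e.g. `# Per-document limit; falls back to Security.entity_expansion_text_limit when detached.`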
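--- a/data/lib/rexml/document.rb
+++ b/data/lib/rexml/document.rb
@@ -91,6 +91,8 @@ module REXML
 #
 def initialize( source = nil, context = {} )
 @entity_expansion_count = 0
+@entity_expansion_limit = Security.entity_expansion_limit
+@entity_expansion_text_limit = Security.entity_expansion_text_limit
 super()
 @context = context
 return if source.nil?
@@ -431,10 +433,12 @@ module REXML
 end
 
 attr_reader :entity_expansion_count
+attr_writer :entity_expansion_limit
+attr_accessor :entity_expansion_text_limit
 
 def record_entity_expansion
 @entity_expansion_count += 1
-if @entity_expansion_count >
+if @entity_expansion_count > @entity_expansion_limit
 raise "number of entity expansions exceeded, processing aborted."
 end
 end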
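Review bot: The new `attr_writer :entity_expansion_limit` and `attr_accessor :entity_expansion_text_limit` accept any value. Assigning nil or a non-numeric makes `@entity_expansion_count > @entity_expansion_limit` in `record_entity_expansion` fail with a comparison `ArgumentError` instead of the intended "number of entity expansions exceeded" error, and assigning a very large number silently disables the guard. Explicit setters that validate would be safer, e.g. `raise ArgumentError, "limit must be a non-negative Integer" unless limit.is_a?(Integer) && limit >= 0`. Both limits are snapshotted from `Security` in `initialize` before `return if source.nil?`; the rest of `initialize` is outside the hunk, but if it parses `source` there, a per-document limit can only affect expansions that happen after construction, which the doc comment should state. The same unvalidated writers are added in the hunks that appear to belong to parsers/baseparser.rb.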
data/lib/rexml/entity.rb
CHANGED
@@ -71,9 +71,12 @@ module REXML
|
|
71
71
|
# Evaluates to the unnormalized value of this entity; that is, replacing
|
72
72
|
# &ent; entities.
|
73
73
|
def unnormalized
|
74
|
-
document
|
74
|
+
document&.record_entity_expansion
|
75
|
+
|
75
76
|
return nil if @value.nil?
|
76
|
-
|
77
|
+
|
78
|
+
@unnormalized = Text::unnormalize(@value, parent,
|
79
|
+
entity_expansion_text_limit: document&.entity_expansion_text_limit)
|
77
80
|
end
|
78
81
|
|
79
82
|
#once :unnormalized
|
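Review bot: In `unnormalized`, `document&.record_entity_expansion` skips the expansion counter entirely when the entity has no document, so a detached entity is bounded only by the text-size limit (which falls back to the global default when the keyword is nil, per the text.rb change). If that is intended, a comment should say so: `# Detached entities are not counted; only the text-size limit applies.` The result is also assigned to `@unnormalized` with plain `=` while `#once :unnormalized` stays commented out, so every call re-expands and re-counts; that behaviour deserves a one-line comment as well.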
@@ -150,12 +150,13 @@ module REXML
|
|
150
150
|
PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
|
151
151
|
ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
|
152
152
|
CARRIAGE_RETURN_NEWLINE_PATTERN = /\r\n?/
|
153
|
-
CHARACTER_REFERENCES = /&#
|
153
|
+
CHARACTER_REFERENCES = /&#((?:\d+)|(?:x[a-fA-F0-9]+));/
|
154
154
|
DEFAULT_ENTITIES_PATTERNS = {}
|
155
155
|
default_entities = ['gt', 'lt', 'quot', 'apos', 'amp']
|
156
156
|
default_entities.each do |term|
|
157
157
|
DEFAULT_ENTITIES_PATTERNS[term] = /&#{term};/
|
158
158
|
end
|
159
|
+
XML_PREFIXED_NAMESPACE = "http://www.w3.org/XML/1998/namespace"
|
159
160
|
end
|
160
161
|
private_constant :Private
|
161
162
|
|
@@ -164,6 +165,9 @@ module REXML
|
|
164
165
|
@listeners = []
|
165
166
|
@prefixes = Set.new
|
166
167
|
@entity_expansion_count = 0
|
168
|
+
@entity_expansion_limit = Security.entity_expansion_limit
|
169
|
+
@entity_expansion_text_limit = Security.entity_expansion_text_limit
|
170
|
+
@source.ensure_buffer
|
167
171
|
end
|
168
172
|
|
169
173
|
def add_listener( listener )
|
@@ -172,6 +176,8 @@ module REXML
|
|
172
176
|
|
173
177
|
attr_reader :source
|
174
178
|
attr_reader :entity_expansion_count
|
179
|
+
attr_writer :entity_expansion_limit
|
180
|
+
attr_writer :entity_expansion_text_limit
|
175
181
|
|
176
182
|
def stream=( source )
|
177
183
|
@source = SourceFactory.create_from( source )
|
@@ -181,7 +187,7 @@ module REXML
|
|
181
187
|
@tags = []
|
182
188
|
@stack = []
|
183
189
|
@entities = []
|
184
|
-
@namespaces = {}
|
190
|
+
@namespaces = {"xml" => Private::XML_PREFIXED_NAMESPACE}
|
185
191
|
@namespaces_restore_stack = []
|
186
192
|
end
|
187
193
|
|
@@ -564,8 +570,12 @@ module REXML
|
|
564
570
|
return rv if matches.size == 0
|
565
571
|
rv.gsub!( Private::CHARACTER_REFERENCES ) {
|
566
572
|
m=$1
|
567
|
-
|
568
|
-
|
573
|
+
if m.start_with?("x")
|
574
|
+
code_point = Integer(m[1..-1], 16)
|
575
|
+
else
|
576
|
+
code_point = Integer(m, 10)
|
577
|
+
end
|
578
|
+
[code_point].pack('U*')
|
569
579
|
}
|
570
580
|
matches.collect!{|x|x[0]}.compact!
|
571
581
|
if filter
|
@@ -585,7 +595,7 @@ module REXML
|
|
585
595
|
end
|
586
596
|
re = Private::DEFAULT_ENTITIES_PATTERNS[entity_reference] || /&#{entity_reference};/
|
587
597
|
rv.gsub!( re, entity_value )
|
588
|
-
if rv.bytesize >
|
598
|
+
if rv.bytesize > @entity_expansion_text_limit
|
589
599
|
raise "entity expansion has grown too large"
|
590
600
|
end
|
591
601
|
else
|
@@ -627,7 +637,7 @@ module REXML
|
|
627
637
|
|
628
638
|
def record_entity_expansion(delta=1)
|
629
639
|
@entity_expansion_count += delta
|
630
|
-
if @entity_expansion_count >
|
640
|
+
if @entity_expansion_count > @entity_expansion_limit
|
631
641
|
raise "number of entity expansions exceeded, processing aborted."
|
632
642
|
end
|
633
643
|
end
|
@@ -786,7 +796,7 @@ module REXML
|
|
786
796
|
@source.match(/\s*/um, true)
|
787
797
|
if prefix == "xmlns"
|
788
798
|
if local_part == "xml"
|
789
|
-
if value !=
|
799
|
+
if value != Private::XML_PREFIXED_NAMESPACE
|
790
800
|
msg = "The 'xml' prefix must not be bound to any other namespace "+
|
791
801
|
"(http://www.w3.org/TR/REC-xml-names/#ns-decl)"
|
792
802
|
raise REXML::ParseException.new( msg, @source, self )
|
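Review bot: The rewritten `CHARACTER_REFERENCES` block converts the captured digits with `Integer(...)` and passes the result straight to `[code_point].pack('U*')` without checking it against the XML `Char` range. The regexp puts no upper bound on the digit run, so an over-long numeric reference reaches `pack`, where an out-of-range value likely raises `RangeError` (or, just above U+10FFFF, yields an invalidly encoded string) instead of a `REXML::ParseException`; callers that rescue only parse errors would miss it. A guard before `pack` keeps the failure mode uniform, e.g. `raise REXML::ParseException.new("Invalid character reference", @source, self) if code_point > 0x10FFFF`. The enclosing method starts and ends outside the hunk. These hunks carry no file header on the page; from the file list they appear to belong to parsers/baseparser.rb.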
@@ -51,6 +51,14 @@ module REXML
|
|
51
51
|
@parser.entity_expansion_count
|
52
52
|
end
|
53
53
|
|
54
|
+
def entity_expansion_limit=( limit )
|
55
|
+
@parser.entity_expansion_limit = limit
|
56
|
+
end
|
57
|
+
|
58
|
+
def entity_expansion_text_limit=( limit )
|
59
|
+
@parser.entity_expansion_text_limit = limit
|
60
|
+
end
|
61
|
+
|
54
62
|
def each
|
55
63
|
while has_next?
|
56
64
|
yield self.pull
|
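Review bot: The new `entity_expansion_limit=` and `entity_expansion_text_limit=` setters have no doc comment, and nothing says when they must be called. They only forward to `@parser`, whose limit is compared at the moment of each expansion, so a value set after pulling has started would apply only to later expansions; a comment such as `# Overrides Security.entity_expansion_limit for this parser; set before the first pull.` would prevent misuse. There is also no matching reader, so callers cannot inspect the effective limit. The same undocumented pair is added in the next two header-less hunk groups, which appear to be sax2parser.rb and streamparser.rb.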
@@ -26,6 +26,14 @@ module REXML
|
|
26
26
|
@parser.entity_expansion_count
|
27
27
|
end
|
28
28
|
|
29
|
+
def entity_expansion_limit=( limit )
|
30
|
+
@parser.entity_expansion_limit = limit
|
31
|
+
end
|
32
|
+
|
33
|
+
def entity_expansion_text_limit=( limit )
|
34
|
+
@parser.entity_expansion_text_limit = limit
|
35
|
+
end
|
36
|
+
|
29
37
|
def add_listener( listener )
|
30
38
|
@parser.add_listener( listener )
|
31
39
|
end
|
@@ -251,6 +259,8 @@ module REXML
|
|
251
259
|
end
|
252
260
|
|
253
261
|
def get_namespace( prefix )
|
262
|
+
return nil if @namespace_stack.empty?
|
263
|
+
|
254
264
|
uris = (@namespace_stack.find_all { |ns| not ns[prefix].nil? }) ||
|
255
265
|
(@namespace_stack.find { |ns| not ns[nil].nil? })
|
256
266
|
uris[-1][prefix] unless uris.nil? or 0 == uris.size
|
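Review bot: In `get_namespace`, the added early return only short-circuits the empty-stack case; the `||` fallback on the following context lines is still unreachable. `find_all` always returns an Array, which is truthy even when empty, so the `find { |ns| not ns[nil].nil? }` default-namespace lookup never runs. If the fallback is meant to work, it needs a separate branch taken when the first result is empty, and it must account for `find` returning a single hash rather than an array, since `uris[-1][prefix]` would not suit that result. The method's end is outside the hunk.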
@@ -18,6 +18,14 @@ module REXML
|
|
18
18
|
@parser.entity_expansion_count
|
19
19
|
end
|
20
20
|
|
21
|
+
def entity_expansion_limit=( limit )
|
22
|
+
@parser.entity_expansion_limit = limit
|
23
|
+
end
|
24
|
+
|
25
|
+
def entity_expansion_text_limit=( limit )
|
26
|
+
@parser.entity_expansion_text_limit = limit
|
27
|
+
end
|
28
|
+
|
21
29
|
def parse
|
22
30
|
# entity string
|
23
31
|
while true
|
data/lib/rexml/rexml.rb
CHANGED
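--- a/data/lib/rexml/source.rb
+++ b/data/lib/rexml/source.rb
@@ -77,6 +77,7 @@ module REXML
 detect_encoding
 end
 @line = 0
+@term_encord = {}
 end
 
 # The current buffer (what we're going to read next)
@@ -227,7 +228,7 @@ module REXML
 
 def read_until(term)
 pattern = Private::PRE_DEFINED_TERM_PATTERNS[term] || /#{Regexp.escape(term)}/
-term = encode(term)
+term = @term_encord[term] ||= encode(term)
 until str = @scanner.scan_until(pattern)
 break if @source.nil?
 break if @source.eof?
@@ -294,14 +295,19 @@ module REXML
 
 private
 def readline(term = nil)
-str = @source.readline(term || @line_break)
 if @pending_buffer
+begin
+str = @source.readline(term || @line_break)
+rescue IOError
+end
 if str.nil?
 str = @pending_buffer
 else
 str = @pending_buffer + str
 end
 @pending_buffer = nil
+else
+str = @source.readline(term || @line_break)
 end
 return nil if str.nil?
 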
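Review bot: In `readline`, the new `rescue IOError` has an empty body and no comment, so any I/O failure while `@pending_buffer` is set is silently treated as end of input and the pending buffer is returned as if the read had succeeded. If the intent is only to tolerate a source that was already closed, say so in a comment (`# Source may already be closed; fall back to the pending buffer.`) and set `str = nil` explicitly in the rescue. The new cache ivar is spelled `@term_encord` in both `initialize` and `read_until`; `@term_encoded` would read better. The cache is never cleared, so if `encode` depends on the source's current encoding and that encoding can change after the first `read_until`, cached terms would be stale; `encode` is outside these hunks, so this needs confirming.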
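--- a/data/lib/rexml/text.rb
+++ b/data/lib/rexml/text.rb
@@ -268,7 +268,8 @@ module REXML
 # u = Text.new( "sean russell", false, nil, true )
 # u.value #-> "sean russell"
 def value
-@unnormalized ||= Text::unnormalize(
+@unnormalized ||= Text::unnormalize(@string, doctype,
+entity_expansion_text_limit: document&.entity_expansion_text_limit)
 end
 
 # Sets the contents of this text node. This expects the text to be
@@ -411,11 +412,12 @@ module REXML
 end
 
 # Unescapes all possible entities
-def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
+def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil, entity_expansion_text_limit: nil )
+entity_expansion_text_limit ||= Security.entity_expansion_text_limit
 sum = 0
 string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
 s = Text.expand($&, doctype, filter)
-if sum + s.bytesize >
+if sum + s.bytesize > entity_expansion_text_limit
 raise "entity expansion has grown too large"
 else
 sum += s.bytesize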
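Review bot: The new `entity_expansion_text_limit:` keyword on `Text::unnormalize` is undocumented; the comment above the method still reads only "Unescapes all possible entities". It should state that nil falls back to `Security.entity_expansion_text_limit` and that the limit is compared against the summed byte size of the expanded references (`sum + s.bytesize`), not the size of the whole result string. In `value`, `@unnormalized ||=` caches the first expansion, so a limit changed on the document later is not re-applied; a one-line comment there would help. The body of `unnormalize` continues past the hunk.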
metadata
CHANGED
@@ -1,28 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rexml
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.3.
|
4
|
+
version: 3.3.9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kouhei Sutou
|
8
8
|
bindir: bin
|
9
9
|
cert_chain: []
|
10
|
-
date: 2024-
|
11
|
-
dependencies:
|
12
|
-
- !ruby/object:Gem::Dependency
|
13
|
-
name: strscan
|
14
|
-
requirement: !ruby/object:Gem::Requirement
|
15
|
-
requirements:
|
16
|
-
- - ">="
|
17
|
-
- !ruby/object:Gem::Version
|
18
|
-
version: '0'
|
19
|
-
type: :runtime
|
20
|
-
prerelease: false
|
21
|
-
version_requirements: !ruby/object:Gem::Requirement
|
22
|
-
requirements:
|
23
|
-
- - ">="
|
24
|
-
- !ruby/object:Gem::Version
|
25
|
-
version: '0'
|
10
|
+
date: 2024-10-24 00:00:00.000000000 Z
|
11
|
+
dependencies: []
|
26
12
|
description: An XML toolkit for Ruby
|
27
13
|
email:
|
28
14
|
- kou@cozmixng.org
|
@@ -116,7 +102,7 @@ homepage: https://github.com/ruby/rexml
|
|
116
102
|
licenses:
|
117
103
|
- BSD-2-Clause
|
118
104
|
metadata:
|
119
|
-
changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.
|
105
|
+
changelog_uri: https://github.com/ruby/rexml/releases/tag/v3.3.9
|
120
106
|
rdoc_options:
|
121
107
|
- "--main"
|
122
108
|
- README.md
|