util/xml.lua
changeset 12207 320de3e4b579
parent 12184 53e0ae770917
parent 12206 ebeb4d959fb3
child 12274 c78639ee6ccb
12204:2bb4ee5f42be 12207:320de3e4b579
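--- a/util/xml.lua
+++ b/util/xml.lua
@@ -63,31 +63,23 @@
 			stanza:text(data);
 		end
 		function handler:EndElement()
 			stanza:up();
 		end
-		local parser;
 		-- SECURITY: These two handlers, especially the Doctype one, are required to prevent exploits such as Billion Laughs.
-		function handler:StartDoctypeDecl()
+		local function restricted_handler(parser)
 			if not parser.stop or not parser:stop() then
 				error("Failed to abort parsing");
 			end
 		end
-		function handler:ProcessingInstruction()
-			if not parser.stop or not parser:stop() then
-				error("Failed to abort parsing");
-			end
-		end
+		handler.StartDoctypeDecl = restricted_handler;
+		handler.ProcessingInstruction = restricted_handler;
 		if not options or not options.allow_comments then
 			-- NOTE: comments are generally harmless and can be useful when parsing configuration files or other data, even user-provided data
-			function handler:Comment()
-				if not parser.stop or not parser:stop() then
-					error("Failed to abort parsing");
-				end
-			end
+			handler.Comment = restricted_handler;
 		end
-		parser = lxp.new(handler, ns_separator);
+		local parser = lxp.new(handler, ns_separator);
 		local ok, err, line, col = parser:parse(xml);
 		if ok then ok, err, line, col = parser:parse(); end
 		--parser:close();
 		if ok then
 			return stanza.tags[1];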