70 if not parser.stop or not parser:stop() then |
70 if not parser.stop or not parser:stop() then |
71 error("Failed to abort parsing"); |
71 error("Failed to abort parsing"); |
72 end |
72 end |
73 end |
73 end |
74 handler.StartDoctypeDecl = restricted_handler; |
74 handler.StartDoctypeDecl = restricted_handler; |
75 handler.ProcessingInstruction = restricted_handler; |
|
76 if not options or not options.allow_comments then |
75 if not options or not options.allow_comments then |
77 -- NOTE: comments are generally harmless and can be useful when parsing configuration files or other data, even user-provided data |
76 -- NOTE: comments are generally harmless and can be useful when parsing configuration files or other data, even user-provided data |
78 handler.Comment = restricted_handler; |
77 handler.Comment = restricted_handler; |
|
78 end |
|
79 if not options or not options.allow_processing_instructions then |
|
80 -- Processing instructions should generally be safe to just ignore |
|
81 handler.ProcessingInstruction = restricted_handler; |
79 end |
82 end |
80 local parser = lxp.new(handler, ns_separator); |
83 local parser = lxp.new(handler, ns_separator); |
81 local ok, err, line, col = parser:parse(xml); |
84 local ok, err, line, col = parser:parse(xml); |
82 if ok then ok, err, line, col = parser:parse(); end |
85 if ok then ok, err, line, col = parser:parse(); end |
83 --parser:close(); |
86 --parser:close(); |