Add local entity expansion limit to REXML::Parsers::StreamParser
#192
@otegami BTW, I think it was resolved in rexml 3.3.5.
naitoh added a commit to naitoh/rexml that referenced this issue (Aug 22, 2024)
naitoh added a commit to naitoh/rexml that referenced this issue (Aug 22, 2024)
naitoh added a commit to naitoh/rexml that referenced this issue (Aug 23, 2024)
naitoh added a commit to naitoh/rexml that referenced this issue (Aug 26, 2024)
## Why? See: ruby#192 --------- Co-authored-by: Sutou Kouhei <[email protected]>
naitoh added a commit to naitoh/rexml that referenced this issue (Aug 26, 2024)
## Why? See: ruby#192 --------- Co-authored-by: Sutou Kouhei <[email protected]>
Currently, the REXML allows changing the entity expansion text limit globally via `REXML::Security.entity_expansion_text_limit`. This global setting might unintentionally affect all parsing operations within the application, potentially introducing side effects in parts of the system where a lower limit is preferable for maintaining security.

Real-world Use Case
While processing a large XML dataset related to Wikipedia articles, we faced a situation where it was necessary to temporarily increase the entity expansion text limit for specific parsing operations involving large data elements. The requirement to adjust this limit globally, due to the global nature of the current setting, was not ideal.
ref; red-data-tools/red-datasets#198
Proposed
I propose the introduction of an instance-specific method to set the entity expansion text limit directly on instances of `REXML::Parsers::StreamParser`. This method would allow developers to adjust the limit for individual parser instances, thus not impacting the global configuration.

Adding this feature would provide the following benefits.
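The global-limit side effect described in this issue, and a scoped workaround for it, as an added example that is not code from the issue or from the REXML project. The helper names (`with_entity_expansion_text_limit`, `sample_xml`, `expanded_length`) are hypothetical, the XML is constructed, and the parse goes through `REXML::Document` to show the limit being enforced.

```ruby
require "rexml/document"

# Serialises overrides so two callers cannot interleave save/restore.
# It does NOT isolate other threads: any parse that runs while the block
# is active still sees the raised global limit, which is the side effect
# the issue describes.
TEXT_LIMIT_LOCK = Mutex.new

# Hypothetical helper (not part of REXML): change the global limit for one
# block and always restore the previous value, even if parsing raises.
def with_entity_expansion_text_limit(limit)
  TEXT_LIMIT_LOCK.synchronize do
    previous = REXML::Security.entity_expansion_text_limit
    REXML::Security.entity_expansion_text_limit = limit
    begin
      yield
    ensure
      REXML::Security.entity_expansion_text_limit = previous
    end
  end
end

# Constructed sample: one internal entity whose replacement text is
# `size` bytes, referenced once from the root element.
def sample_xml(size)
  %(<!DOCTYPE r [<!ENTITY big "#{"x" * size}">]><r>&big;</r>)
end

# Returns the expanded text length in bytes, or :rejected when REXML
# refuses the expansion because it exceeds the limit in force.
def expanded_length(xml)
  REXML::Document.new(xml).root.text.bytesize
rescue RuntimeError
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  default = REXML::Security.entity_expansion_text_limit
  xml = sample_xml(default + 1_000)
  p expanded_length(xml) # limit in force is the untouched global value
  p with_entity_expansion_text_limit(default + 10_000) { expanded_length(xml) }
  p REXML::Security.entity_expansion_text_limit == default
end
```
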