util.xml: Add an option to allow <?processing instructions?>

These should generally be safe to just ignore, which should be the default behavior of Expat and LuaExpat
2025-04-01 20:27:39 +03:00 · 2022-02-04 20:47:39 +01:00 · 2022-02-04 20:47:39 +01:00 · 99a880ebe5
commit 99a880ebe5
parent eae775bc79
2 changed files with 11 additions and 1 deletions
--- a/spec/util_xml_spec.lua
+++ b/spec/util_xml_spec.lua
@ -42,6 +42,13 @@ describe("util.xml", function()
 			assert.falsy(ok);
 		end);

+		it("should allow processing instructions if asked nicely", function()
+			local x = "<?xml-stylesheet href='make-fancy.xsl'?><foo/>";
+			local stanza = xml.parse(x, {allow_processing_instructions = true});
+			assert.truthy(stanza);
+			assert.are.equal(stanza.name, "foo");
+		end);
+
 		it("should allow an xml declaration", function()
 			local x = "<?xml version='1.0'?><foo/>";
 			local stanza = xml.parse(x);
--- a/util/xml.lua
+++ b/util/xml.lua
@ -72,11 +72,14 @@ local parse_xml = (function()
 			end
 		end
 		handler.StartDoctypeDecl = restricted_handler;
-		handler.ProcessingInstruction = restricted_handler;
 		if not options or not options.allow_comments then
 			-- NOTE: comments are generally harmless and can be useful when parsing configuration files or other data, even user-provided data
 			handler.Comment = restricted_handler;
 		end
+		if not options or not options.allow_processing_instructions then
+			-- Processing instructions should generally be safe to just ignore
+			handler.ProcessingInstruction = restricted_handler;
+		end
 		local parser = lxp.new(handler, ns_separator);
 		local ok, err, line, col = parser:parse(xml);
 		if ok then ok, err, line, col = parser:parse(); end