mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 13:47:41 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

util.xml: Add an option to allow <?processing instructions?>

Browse source 
These should generally be safe to just ignore, which should be the
default behavior of Expat and LuaExpat
This commit is contained in:
Kim Alvefur 2022-02-04 20:47:39 +01:00
parent eae775bc79
commit 99a880ebe5
2 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
util/xml.lua
View file

@ -72,11 +72,14 @@ local parse_xml = (function()
end
end
handler.StartDoctypeDecl = restricted_handler;
handler.ProcessingInstruction = restricted_handler;
if not options or not options.allow_comments then
-- NOTE: comments are generally harmless and can be useful when parsing configuration files or other data, even user-provided data
handler.Comment = restricted_handler;
end
if not options or not options.allow_processing_instructions then
-- Processing instructions should generally be safe to just ignore
handler.ProcessingInstruction = restricted_handler;
end
local parser = lxp.new(handler, ns_separator);
local ok, err, line, col = parser:parse(xml);
if ok then ok, err, line, col = parser:parse(); end