Re: [xml] [PATCH] Check hex or decimal entity for overflow

On Mon, Jan 22, 2018 at 04:37:17PM +0100, Nick Wellnhofer wrote:
On 09/01/2018 00:55, Joel Hockey wrote:
Updated patch with XML_ERR_INVALID_CHAR.

Should be fixed with

As noted previously, this only affects "recovery" mode. The commit addresses

  And I repeatedly asked people to *not* use recover mode of the XML parser
which is not conformant to the XML spec, unless this is upon an explicit
recovery operation, not a default process. I *really* hope that chrome or
chromium is *not* using the recovery mode by default for XML parsing
in the browser. I guarantee nothing about the recovery mode in the long term
and I already wrote that I would remove it from the parser if people were
abusing this option.
  XML is fairly tidy, we can't let the general usage diverge from the spec.

the issue at an earlier point in the parsing process and makes sure not to
return invalid entity content in recovery mode at all.

xml mailing list, project page
xml gnome org

Daniel Veillard      | Red Hat Developers Tools
veillard redhat com  | libxml Gnome XML XSLT toolkit | virtualization library

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]