Any specific reason to use NOENT? #55
Comments
|
Hm. I actually don't remember anymore. It is several years ago that I wrote this code. Following the links you posted it seems to make sense to disable it. Do you mind to create a pull request? |
|
Hi Christian, thanks for the quick response. Sure! creating a Pull Request. |
shubhampathak
added a commit
to shubhampathak/CFPropertyList
that referenced
this issue
Dec 6, 2019
NOENT, which is used to substitute entities also enables processing of both regular and external entities. Which seems risky when you don't the XML source. NONET will have no effect if used with NOENT. - Github Issue: ckruse#55
|
fixed by #56 |
|
I pushed a new version |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@ckruse Hi Christian, found
NOENTin bothrbLibXMLParser.rbandrbNokogiriParser.rbPassing NOENT as parsing option is risky.
Passing
NOENT(which is used to substitute entities) as parsing options permits processing of entities, including both regular and external. That meansNONETandNODTDLOADwill be of no use if NOENT is there.Take a look at this:
sparklemotion/nokogiri#1582 (comment)
This is why Nokogiri team strictly suggests using default parsing options:
DEFAULT_XML = RECOVER | NONET
The text was updated successfully, but these errors were encountered: