Hi Gregor,

> Moritz, I'm not completely sure I understand which changes to the
> docs you imagined, but I've added the following now:
> 
> +B<WARNING>: setting expand_external_ents to 0 or -1 currently doesn't work
> +as expected; cf. L<https://rt.cpan.org/Public/Bug/Display.html?id=118097>.
> +To completelty turn off expanding external entities use C<no_xxe>.
> +
> +=item no_xxe
> +
> +If this argument is set to a true value, expanding of external entities is
> +turned off.
> +
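
Review bot: "completelty" in the last line of the WARNING paragraph should be "completely". In the new "=item no_xxe" entry, the text says what a true value does but not what the default is, nor which option wins when both no_xxe and expand_external_ents are set; one sentence covering each would let a reader confirm their parser is actually configured safely. The WARNING could also say briefly what "doesn't work as expected" means in practice (for example, whether external entities are still expanded with 0 or -1), so readers do not have to follow the RT link to judge their exposure.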

Looks great, that's exactly what I had in mind!

> In general, if we go ahead with something like this, I'm not sure if
> we should really close this bug; the issue is mitigated by using and
> documenting no_xxe but the expand_external_ents option is still buggy.
> [0]. 

I assume it was an oversight for expand_external_ents, but then they didn't
want to break existing behaviour and only added no_xxe as a new option.
Which (if properly documented) is fine, it's not uncommon that impacting
changes are only hidden behind newly introduced flags for a lot of libraries.

I think there are arguments both for closing and for keeping the bug.

Cheers,
        Moritz
