On Sun, 31 Mar 2019 19:55:29 +0200, Moritz Mühlenhoff wrote: > > +B<WARNING>: setting expand_external_ents to 0 or -1 currently doesn't work > > +as expected; cf. L<https://rt.cpan.org/Public/Bug/Display.html?id=118097>. > > +To completelty turn off expanding external entities use C<no_xxe>. > > + > > +=item no_xxe > > + > > +If this argument is set to a true value, expanding of external entities is > > +turned off. > > + > > Looks great, that's exactly what i had in mind!
Great, thanks for the feedback! > > In general, if we go ahead with something like this, I'm not sure if > > we should really close this bug; the issue is mitigated by using and > > documenting no_xxe but the expand_external_ents option is still buggy. > > [0]. > I assume it was an oversight for expand_external_ents, but then they didn't > want to break existing behaviour and only added no_xxe as a new option. > Which (if properly documented) is fine, it's not uncommon that impacting > changes are only hidden behind newly introduced flags for a lot of libraries. Ok, makes sense. > I think there's both arguments for closing and keeping the bug. And the bug title is "… doesn't work as documented" which is no longer true after the update of the documentation. I've uploaded the packaged to DELAYED/2 right now and left the bug closer in. Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe `-
signature.asc
Description: Digital Signature
