On Aug 3, 10:55 am, "Daniel N" <[EMAIL PROTECTED]> wrote:
> On 8/4/07, DHH <[EMAIL PROTECTED]> wrote:
>
> > > I'm looking for a hot fix release, or an avoidance technique.
> > > (For example, How to disable the DTD for Rails XML Parser.)
>
> > Hi 3arrows,
>
> > Thanks for the report. I've immediately tried to contact the REXML
> > guys. This will be a problem for all Ruby applications that accept XML
> > from the outside world. So a hotfix should preferably come from them,
> > so it can benefit everyone in the Ruby community.
>
> > But in the meantime, it'd be great if others also looked into ways of
> > stopping this from the Rails side.

I've done some investigation into what's going on. It's the &x100;
entity causing issues. At the top of the doctype you define

    <!ENTITY x0 "hello">

So, &x0; is 'hello'. Then:

    <!ENTITY x1 "&x0;&x0;">

&x1; is 'hellohello'.

That cycle continues, so &x100; would have to navigate backwards
through all 99 entities and figure out what the value is. It's pretty
big :) This is probably something for REXML or XmlSimple to fix. In
the meantime, someone could create a filter that scrubs doctype
entities before processing them.

Also, don't bother pinging Rails apps, you can test it locally like
this:

    require 'rubygems'
    require 'xmlsimple'
    XmlSimple.xml_in 'bad-file.xml'
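
Added example (not part of the original message, and not REXML or XmlSimple code): one way to build the pre-parse filter suggested above. It sizes the DOCTYPE entities arithmetically instead of expanding them, so a document can be refused before it reaches XmlSimple.xml_in. The method names, the limits and the sample document are assumptions made for illustration, and the regex scan is a pre-filter, not an XML parser.

```ruby
# Added example: size DOCTYPE entities before parsing, without expanding them.
class UnsafeEntities < StandardError; end

ENTITY_DECL = /<!ENTITY\s+([^\s%>]+)\s+(["'])(.*?)\2\s*>/m
ENTITY_REF  = /&([^#;&\s][^;&\s]*);/

# Returns { entity name => expanded size in bytes }; no expanded string is built.
def entity_sizes(xml, max_decls: 1_000)
  raise UnsafeEntities, 'parameter entity declared' if xml =~ /<!ENTITY\s+%/
  decls = {}
  xml.scan(ENTITY_DECL) { |name, _quote, value| decls[name] ||= value } # first declaration wins
  # The cap also bounds the recursion depth of resolve_size.
  raise UnsafeEntities, 'too many entity declarations' if decls.size > max_decls
  sizes = {}
  decls.each_key { |name| resolve_size(name, decls, sizes, {}) }
  sizes
end

# Memoised, so each entity is sized once even though its text doubles per level.
def resolve_size(name, decls, sizes, in_progress)
  return sizes[name] if sizes.key?(name)
  raise UnsafeEntities, "entity #{name} refers to itself" if in_progress[name]
  in_progress[name] = true
  value = decls[name]
  literal = value.gsub(ENTITY_REF, '').bytesize
  nested = value.scan(ENTITY_REF).flatten.sum do |ref|
    # Undeclared references (such as the predefined &amp;) are counted as 0 bytes.
    decls.key?(ref) ? resolve_size(ref, decls, sizes, in_progress) : 0
  end
  in_progress.delete(name)
  sizes[name] = literal + nested
end

# True when every declared entity expands to at most `limit` bytes (assumed limit).
def entities_within_limit?(xml, limit: 64 * 1024)
  entity_sizes(xml).values.all? { |size| size <= limit }
rescue UnsafeEntities
  false
end

# Constructed sample with the shape described above: x0 is "hello", each xN doubles xN-1.
def sample_doctype(depth)
  decls = ['<!ENTITY x0 "hello">']
  (1..depth).each { |n| decls << %(<!ENTITY x#{n} "&x#{n - 1};&x#{n - 1};">) }
  %(<?xml version="1.0"?>\n<!DOCTYPE member [\n#{decls.join("\n")}\n]>\n<member>&x#{depth};</member>)
end
```

For the constructed 100-level document, entity_sizes reports 5 * 2**100 bytes for x100, which is why the parser never finishes expanding it.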