Project

rexml-expansion-fix

0.0
No commit activity in last 3 years
No release in over 3 years
rexml-expansion-fixnzkoz/rexml-expansion-fixHomepageDocumentationSource CodeBug TrackerWiki
Prevents DoS attacks using the billion-laughs or entity-explosion techniques.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
78,456
Stars
2
Forks
0
Watchers
4
 Releases
Current version
1.0.1
Total releases
2
First release
2008-08-21
Latest release
2008-08-30
 Development
Primary Language
Ruby
Average date of last 50 commits
2008-08-27
Reverse Dependencies
1

 Dependencies
 Project Readme

REXML Expansion Fix

The version of rexml which ships with ruby at present will not restrict the total number of entity expanstions when processing inline attributes. This can allow specially crafted documents to consume enormous amounts of CPU. To prevent this from happening this fix causes processing to abort processing after a certain number of expansions have taken place. The limit defaults to 10000 but you can change it as follows:

REXML::Document.entity_expansion_limit= 50

The example xml in example.xml can be used to verify that your application is safe.