No commit activity in last 3 years
No release in over 3 years
Prevents DoS attacks using the billion-laughs or entity-explosion techniques.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies
 Project Readme

REXML Expansion Fix

The version of rexml which ships with ruby at present will not restrict the total number of entity expanstions when processing inline attributes. This can allow specially crafted documents to consume enormous amounts of CPU. To prevent this from happening this fix causes processing to abort processing after a certain number of expansions have taken place. The limit defaults to 10000 but you can change it as follows:

REXML::Document.entity_expansion_limit= 50

The example xml in example.xml can be used to verify that your application is safe.