Open johnnyshields opened 4 months ago
`RubySaml::XML::BaseDocument` has a line:

```ruby
REXML::Security.entity_expansion_limit = 0
```

This mutates the global state of REXML, and also means that RubySaml could be affected by other gems changing this.
Instead, we should do something like:

```ruby
def with_secure_rexml
  old_eel = REXML::Security.entity_expansion_limit
  REXML::Security.entity_expansion_limit = 0
  yield
ensure
  REXML::Security.entity_expansion_limit = old_eel
end
```

It's not threadsafe however...
Maybe just replace REXML with Nokogiri?
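
The thread-safety concern raised above, as an added example (not code from the issue or from ruby-saml): it forces the interleaving that breaks the unsynchronized save/restore pattern, then runs the same pattern behind a `Monitor`. The module and method names, the baseline of 10_000 and the thread count are assumptions chosen for the demonstration.

```ruby
require 'rexml/document'
require 'monitor'

# Hypothetical helpers; the names are assumptions, not ruby-saml API.
module RexmlLimit
  LOCK = Monitor.new # re-entrant, so nested calls on one thread do not deadlock

  # The save/restore pattern from the issue, unsynchronized.
  def self.unsafe(limit = 0)
    old = REXML::Security.entity_expansion_limit
    REXML::Security.entity_expansion_limit = limit
    yield
  ensure
    REXML::Security.entity_expansion_limit = old
  end

  # Same pattern, serialized. Code that touches REXML without going through
  # this helper still sees the temporary value while a block is running.
  def self.locked(limit = 0, &block)
    LOCK.synchronize { unsafe(limit, &block) }
  end
end

# Forces the order A-enter, B-enter, A-exit, B-exit on the unsafe helper.
# Returns [limit B reads inside its block, limit left behind afterwards].
def unsafe_race(baseline = 10_000)
  REXML::Security.entity_expansion_limit = baseline
  a_in, b_in, a_out = Queue.new, Queue.new, Queue.new
  seen_by_b = nil
  a = Thread.new do
    RexmlLimit.unsafe { a_in << 1; b_in.pop } # A stays inside until B is inside
    a_out << 1                                # A has restored the old value
  end
  b = Thread.new do
    a_in.pop
    RexmlLimit.unsafe { b_in << 1; a_out.pop; seen_by_b = REXML::Security.entity_expansion_limit }
  end
  [a, b].each(&:join)
  [seen_by_b, REXML::Security.entity_expansion_limit]
ensure
  REXML::Security.entity_expansion_limit = baseline # undo the leak for later callers
end

# Runs n threads through the locked helper.
# Returns [distinct limits read inside the blocks, limit left behind].
def locked_run(n = 8, baseline = 10_000)
  REXML::Security.entity_expansion_limit = baseline
  seen = Queue.new
  Array.new(n) { Thread.new { RexmlLimit.locked { Thread.pass; seen << REXML::Security.entity_expansion_limit } } }.each(&:join)
  [Array.new(seen.size) { seen.pop }.uniq, REXML::Security.entity_expansion_limit]
end
```

In the forced race, thread B reads the restored baseline while it is still inside its block, and the global is then left at B's saved value of 0; the locked variant avoids both outcomes for callers that go through it.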