search

ckruse / CFPropertyList

Read, write and manipulate both binary and XML property lists as defined by apple
MIT License
212 stars 47 forks source link

Any specific reason to use NOENT? #55

Closed shubhampathak closed 4 years ago

shubhampathak commented 4 years ago

@ckruse Hi Christian, found NOENT in both rbLibXMLParser.rb and rbNokogiriParser.rb Passing NOENT as parsing option is risky.

Passing NOENT (which is used to substitute entities) as parsing options permits processing of entities, including both regular and external. That means NONET and NODTDLOAD will be of no use if NOENT is there.

Take a look at this: https://github.com/sparklemotion/nokogiri/issues/1582#issuecomment-562180275

This is why Nokogiri team strictly suggests using default parsing options: DEFAULT_XML = RECOVER | NONET

NOENT

ckruse commented 4 years ago

Hm. I actually don't remember anymore. It is several years ago that I wrote this code. Following the links you posted it seems to make sense to disable it. Do you mind to create a pull request?

shubhampathak commented 4 years ago

Hi Christian, thanks for the quick response. Sure! creating a Pull Request.

ckruse commented 4 years ago

fixed by #56

ckruse commented 4 years ago

I pushed a new version