jnunemaker / crack

Really simple JSON and XML parsing, ripped from Merb and Rails.
MIT License
541 stars 93 forks

Need to require 'rexml/document' #42

Closed robbie-mcfarlane closed 11 years ago

robbie-mcfarlane commented 11 years ago

Fix parsing errors of unnormalized characters on Ruby 1.9.3-p392

e.g., &

jnunemaker commented 11 years ago

I'm not seeing a use of REXML::Document, so why do we need to require it? Just curious.

neilfws commented 11 years ago

I am seeing this issue too. My distro (Linux Mint 13) recently updated its Ruby installation (1.8.7 p352). Code which uses Crack to parse XML then failed with message "uninitialized constant REXML::Text::Document". Adding "require rexml/document" to the code fixed the issue.

Update: I'm seeing a lot of references to 1.9.3; just to reiterate that I see the issue with 1.8.7 on my system.

tadast commented 11 years ago

I'm seeing this issue in Ruby 2.0

Here's where it's happening: https://github.com/jnunemaker/crack/blob/master/lib/crack/xml.rb#L185

REXML::Text::unnormalize references Document and it is not required. I think REXML should resolve this dependency, but the pull request could be merged in as a temporary fix perhaps?

kurtfunai commented 11 years ago

I ran into the same issue as @tadast after upgrading to Ruby 2.0.

magnusvk commented 11 years ago

Seeing this same issue on Ruby 1.9.3-p392. Any chance we can see this merged in?

kurtfunai commented 11 years ago

Seems related to the changes in ruby-1.9.3-p392 release: http://www.ruby-lang.org/en/news/2013/02/22/ruby-1-9-3-p392-is-released/ "Entity expansion DoS vulnerability in REXML (XML bomb)"

Changing my local version back to 1.9.3-p385 fixed the issues I was experiencing.

RichIsOnRails commented 11 years ago

Yeah this definitely fixes the issue for me.

magnusvk commented 11 years ago

Ok, so seriously -- can we see this merged in? Lots of people having the problem, a simple one-line fix available. What's the holdup?
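The comments above trace the failure to `REXML::Text::unnormalize` referencing `Document`, and link it to the release that fixed the REXML entity expansion DoS. The following is an added example, not part of the thread or of crack's code: it loads `rexml/document` explicitly before unnormalizing and shows the expansion limit being enforced. The helper name `safe_unnormalize` and the sample strings are constructed, and it assumes a REXML version that exposes `REXML::Security`.

```ruby
# Explicit require, as proposed in this thread. Without it, code that only
# loaded parts of REXML could hit "uninitialized constant ... Document"
# when Text.unnormalize ran its entity expansion size check.
require 'rexml/document'

# Hypothetical helper (not crack's API): unnormalize XML character data with
# a caller-chosen cap on the total bytes produced by entity expansion.
# Returns the unnormalized string, or nil when the cap is exceeded.
def safe_unnormalize(text, limit: 10_240)
  previous = REXML::Security.entity_expansion_text_limit
  REXML::Security.entity_expansion_text_limit = limit
  REXML::Text.unnormalize(text)
rescue RuntimeError => e
  # REXML signals the limit with a RuntimeError mentioning "entity expansion";
  # anything else is not ours to swallow.
  raise unless e.message.include?('entity expansion')
  nil
ensure
  # The limit is process-wide state, so always restore it.
  REXML::Security.entity_expansion_text_limit = previous if previous
end

# Constructed sample inputs.
ORDINARY_TEXT = 'Tom &amp; Jerry &lt;3'
MANY_ENTITIES = '&amp;' * 20   # 20 references, 1 expanded byte each

if $PROGRAM_NAME == __FILE__
  p safe_unnormalize(ORDINARY_TEXT)            # normal unescaping
  p safe_unnormalize(MANY_ENTITIES, limit: 5)  # over the cap
end
```

The limit is global to the process, which is why the helper restores the previous value in `ensure` rather than leaving a lowered cap in place for other callers.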