libxml-raku / LibXML-raku

Raku bindings to the libxml2 native library
Artistic License 2.0

Some leaked networked access in LibXML::Schema parsing #28

Closed dwarring closed 4 years ago

dwarring commented 4 years ago

Just following recent activity on Perl 5 XML::LibXML. Github blead has recently disabled network access by default. However, this is not enough to disable the schema validator, fixed with https://github.com/shlomif/perl-XML-LibXML/commit/e29829f5aee40bb2f11cf77b426458abf80e8792

These Raku bindings currently have the same weakness, ie although !net is the default for parser contexts, this is not sufficient to disable Schema network access.

dwarring commented 4 years ago

I want to look at globally setting the default external entity loader to :!net, and selectively re-enabling when requested for schema loading, ie secure by default (that's the plan anyway).

dwarring commented 4 years ago

Err, there's a much more basic problem, which trumps this original ticket. f2e19a0093cf04ad4c06e78da6dd7322085f31f3 purports to disable networking, but doesn't. Compounded by a lack of appropriate testing.

The following is returning 'True', instead of 'False'.

$ perl6 -I . -e'use LibXML; say LibXML.new.network'

Will fix in both the Parser and Schema loader.

dwarring commented 4 years ago

Fixed options. Set Schema default to :!network. Released as 0.2.0.
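The following is an added example, not code from the issue or from the LibXML-raku project, showing what the secure-by-default configuration discussed above looks like from the caller's side. It assumes the `:network` option accepted by `LibXML.new` and `LibXML::Schema.new` in 0.2.0 and later, as described in the thread, and that a schema whose `xs:include` cannot be fetched is reported as an exception when the schema is constructed. The XML document and both schemas are constructed here for illustration.

```raku
use LibXML;
use LibXML::Schema;

# Constructed sample document (not taken from the issue)
my $xml = q:to<END>;
<?xml version="1.0"?>
<note><to>ops</to><body>hello</body></note>
END

# Constructed self-contained schema: no external documents referenced
my $local-xsd = q:to<END>;
<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="note">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="to"   type="xs:string"/>
        <xs:element name="body" type="xs:string"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
END

# Constructed schema that would pull definitions over the network via xs:include.
# The .invalid TLD guarantees nothing is actually reachable, so the example runs offline.
my $remote-xsd = q:to<END>;
<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:include schemaLocation="http://schemas.example.invalid/note.xsd"/>
</xs:schema>
END

# Parser with network access disabled explicitly (assumed to be the default from 0.2.0 on).
# The check mirrors the one-liner in the thread: .network must report False.
my LibXML $parser .= new: :!network;
die "parser should have network access disabled" if $parser.network;

my $doc = $parser.parse: :string($xml);

# Local schema: nothing to fetch, so validation proceeds normally.
# .validate throws on an invalid document, so reaching the say means it passed.
my LibXML::Schema $schema .= new: string => $local-xsd, :!network;
$schema.validate($doc);
say "local schema: document valid";

# Schema with a remote include while network access is disabled: the include
# cannot be resolved, so constructing the schema is expected to fail (assumption).
my $remote-schema = try LibXML::Schema.new: string => $remote-xsd, :!network;
if $! {
    say "remote include refused: {$!.message}";
}
else {
    say "remote include was loaded; network access is NOT disabled for schemas";
}
```

Passing `:!network` explicitly, rather than relying on the default, makes the intent visible in code review and keeps the behaviour stable if the defaults change again; validating against a schema built from a local string is the simplest way to avoid any external fetch at all.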