ruby / rexml

REXML is an XML toolkit for Ruby
BSD 2-Clause "Simplified" License

Fix to not allow parameter entity references at internal subsets #191

Closed naitoh closed 1 month ago

naitoh commented 2 months ago

Why?

In the internal subset of DTD, references to parameter entities are not allowed within markup declarations.

See: https://www.w3.org/TR/xml/#wfc-PEinInternalSubset

Well-formedness constraint: PEs in Internal Subset

In the internal DTD subset, parameter-entity references MUST NOT occur within markup declarations; they may occur where markup declarations can occur. (This does not apply to references that occur in external parameter entities or to the external subset.)
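
The constraint quoted above, as an added example (not REXML's code and not part of this pull request): a small Ruby scanner that reports parameter-entity references found inside markup declarations of an internal subset. It assumes ASCII-only names and a subset string already extracted from between `[` and `]`; `pe_refs_in_declarations` and the sample DTD are constructed for illustration.

```ruby
# Added example: flag %name; references that occur inside markup declarations
# of an internal DTD subset (WFC "PEs in Internal Subset").
PE_REF  = /%[A-Za-z_:][\w:.\-]*;/   # ASCII approximation of '%' Name ';'
LITERAL = /"[^"]*"|'[^']*'/
# One left-to-right pass: comments and PIs are consumed whole, so text that
# merely looks like a declaration inside a comment is never inspected.
TOKEN = /<!--.*?-->|<\?.*?\?>|<!(ELEMENT|ATTLIST|ENTITY|NOTATION)\b((?:#{LITERAL}|[^>"'])*)>/m

# Returns [[declaration_keyword, reference], ...], one pair per violation.
def pe_refs_in_declarations(internal_subset)
  internal_subset.scan(TOKEN).flat_map do |keyword, body|
    next [] unless keyword            # comment or processing instruction
    outside = body.gsub(LITERAL, '""')
    # Only an EntityValue literal recognizes %name;. Attribute defaults and
    # SYSTEM/PUBLIC identifiers are opaque text, so they are blanked out.
    entity_value = keyword == "ENTITY" && outside !~ /\b(SYSTEM|PUBLIC)\b/
    (entity_value ? body : outside).scan(PE_REF).map { |ref| [keyword, ref] }
  end
end

# Constructed sample: only the "text" and "doc" declarations violate the rule.
SAMPLE = <<~DTD
  <!ENTITY % greeting "hello">
  %greeting;
  <!-- %in_comment; -->
  <!ENTITY text "%greeting; world">
  <!ELEMENT doc (%content;)*>
  <!ATTLIST doc note CDATA "100%sure;">
  <!ENTITY logo SYSTEM "img/%size;.png">
DTD

pe_refs_in_declarations(SAMPLE).each do |keyword, ref|
  puts "not well-formed: #{ref} inside <!#{keyword} ...> in the internal subset"
end
```

The bare `%greeting;` between declarations is not reported, because the constraint allows references where a markup declaration can occur.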

naitoh commented 1 month ago

Wow!

Can we also check this in BaseParser?

I changed BaseParser to do this check.

If we can do it, can we move the validation to #write?

I added validation to Entity.new.

Do we need to update #unnormalized and #normalized too?

Updated #unnormalized. No need to update #normalized.

kou commented 1 month ago

Thanks.