flavorjones
commented
2 years ago @stevecheckoway Do we still need to address this? If so, should we move this issue over to Nokogiri?
Closed stevecheckoway closed 2 years ago
flavorjones
commented
2 years ago @stevecheckoway Do we still need to address this? If so, should we move this issue over to Nokogiri?
stevecheckoway
commented
2 years ago I think so.
My recollection is that libxml2 checks for duplicate attributes whenever an attribute is added to an element and the only way it has to do this is by walking the linked list of attributes.
If we want to manipulate the xmlNode structure directly rather than calling functions to modify it, we should be able to get amortized O(n) behavior by collecting the set of attributes to add and checking for duplicates.
flavorjones
commented
2 years ago
Code in question is here.
This can lead to a DoS. See #143.