|
669bd349
|
2024-06-12T18:20:01
|
|
xpointer: Remove support for XPointer locations
The latest spec for what it essentially an XPath extension seems to be
this working draft from 2002:
https://www.w3.org/TR/xptr-xpointer/
The xpointer() scheme is listed as "being reviewed" in the XPointer
registry since at least 2006. libxml2 seems to be the only modern
software that tries to implement this spec, but the code has many bugs
and quality issues.
If you configure --with-legacy, old symbols are retained for ABI
compatibility.
|
|
|
9ab01a27
|
2016-06-28T14:22:23
|
|
Fix XPointer paths beginning with range-to
The old code would invoke the broken xmlXPtrRangeToFunction. range-to
isn't really a function but a special kind of location step. Remove
this function and always handle range-to in the XPath code.
The old xmlXPtrRangeToFunction could also be abused to trigger a
use-after-free error with the potential for remote code execution.
Found with afl-fuzz.
Fixes CVE-2016-5131.
|
|
c8df0aaf
|
2000-10-10T23:50:30
|
|
Added XPointer: - configure.in Makefile.am include/makefile.am: adding
Added XPointer:
- configure.in Makefile.am include/makefile.am: adding XPointer
and XPtrtests target
- xpointer.[ch] : new files for XPointer support
- test/XPath/xptr result/XPath/xptr: added XPointer testsuite and
more XPath tests
Daniel
|