| Commit | Date | Message | | |
|---|---|---|---|---|
| ce76ebfd | 2022-12-19 20:56:23 | entities: Stop counting entities This was only used in the old version of xmlParserEntityCheck. | ||
| 463bbeec | 2022-12-19 18:39:45 | entities: Rework entity amplification checks This commit implements robust detection of entity amplification attacks, better known as the "billion laughs" attack. We now limit the size of the document after substitution of entities to 10 times the size before expansion. This guarantees linear behavior by definition. There already was a similar check before, but the accounting of "sizeentities" (size of external entities) and "sizeentcopy" (size of all copies created by entity references) wasn't accurate. We also need saturation arithmetic since we're historically limited to "unsigned long" which is 32-bit on many platforms. A maximum of 10 MB of substitutions is always allowed. This should make use cases like DITA work which have caused problems in the past. The old checks based on the number of entities were removed. This is accounted for by adding a fixed cost to each entity reference. Entity amplification checks are now enabled even if XML_PARSE_HUGE is set. This option is mainly used to allow larger text nodes. Most users were unaware that it also disabled entity expansion checks. Some of the limits might be adjusted later. If this change turns out to affect legitimate use cases, we can add a separate parser option to disable the checks. Fixes #294. Fixes #345. | ||
| f34f184f | 2022-12-19 15:24:53 | entities: Add "flags" member to struct xmlEntity This will hold various flags and eventually replace the "checked" member. | ||
| ce9baf94 | 2022-12-08 02:48:27 | Remove XMLCALL and XMLCDECL macros from public headers | ||
| cf4893f7 | 2022-02-20 19:56:41 | Deprecate legacy functions | ||
| 95ebe53b | 2014-10-13 16:06:21 | Fix and add const qualifiers For https://bugzilla.gnome.org/show_bug.cgi?id=689483 It seems there are functions that do use the const qualifier for some of the arguments, but it seems that there are a lot of functions that don't use it and probably should. So I created a patch against 2.9.0 that makes as much as possible const in tree.h, and changed other files as needed. There were a lot of cases like "const xmlNodePtr node". This doesn't actually do anything, there the *pointer* is constant not the object it points to. So I changed those to "const xmlNode *node". I also removed some consts, mostly in the Copy functions, because those functions can actually modify the doc or node they copy from | ||
| 9a85d40c | 2013-11-29 23:26:25 | Fix incorrect spelling entites->entities Partially, a follow-up of 81d7a8245cf9a31a49499a5a195c2b89e6f91180. Signed-off-by: Jan Pokorný <jpokorny@redhat.com> | ||
| cff2546f | 2013-03-11 15:57:55 | Cache presence of '<' in entities content slightly modify how ent->checked is used, and use the lowest bit to keep the information | ||
| aa6de47e | 2008-08-25 14:53:31 | applied patch from Aswin to fix tree skipping fixed a comment and added a * xmlreader.c: applied patch from Aswin to fix tree skipping * include/libxml/entities.h entities.c: fixed a comment and added a new xmlNewEntity() entry point * runtest.c: be less verbose * tree.c: space and tabs cleanups daniel svn path=/trunk/; revision=3774 | ||
| f4f4e485 | 2008-08-25 08:57:48 | rework the patch to avoid some ABI issue with people allocating entities * include/libxml/entities.h entities.c SAX2.c parser.c: rework the patch to avoid some ABI issue with people allocating entities structure directly Daniel svn path=/trunk/; revision=3773 | ||
| 4bf899bf | 2008-08-20 17:04:30 | fix for CVE-2008-3281 Daniel * include/libxml/parser.h include/libxml/entities.h entities.c parserInternals.c parser.c: fix for CVE-2008-3281 Daniel svn path=/trunk/; revision=3772 | ||
| a37a6ad9 | 2006-10-10 20:05:45 | trying to fix entities behaviour when using SAX, had to extend entities * include/libxml/entities.h entities.c SAX2.c parser.c: trying to fix entities behaviour when using SAX, had to extend entities content and hack on the entities processing code, but that should fix the long standing bug #159219 Daniel | ||
| 21e4ef20 | 2005-01-02 09:53:13 | Re-examined the problems of configuring a "minimal" library. Synchronized the header files with the library code in order to assure that all the various conditionals (LIBXML_xxxx_ENABLED) were the same in both. Modified the API database content to more accurately reflect the conditionals. Enhanced the generation of that database. Although there was no substantial change to any of the library code's logic, a large number of files were modified to achieve the above, and the configuration script was enhanced to do some automatic enabling of features (e.g. --with-xinclude forces --with-xpath). Additionally, all the format errors discovered by apibuild.py were corrected. * configure.in: enhanced cross-checking of options * doc/apibuild.py, doc/elfgcchack.xsl, doc/libxml2-refs.xml, doc/libxml2-api.xml, gentest.py: changed the usage of the <cond> element in module descriptions * elfgcchack.h, testapi.c: regenerated with proper conditionals * HTMLparser.c, SAX.c, globals.c, tree.c, xmlschemas.c, xpath.c, testSAX.c: cleaned up conditionals * include/libxml/[SAX.h, SAX2.h, debugXML.h, encoding.h, entities.h, hash.h, parser.h, parserInternals.h, schemasInternals.h, tree.h, valid.h, xlink.h, xmlIO.h, xmlautomata.h, xmlreader.h, xpath.h]: synchronized the conditionals with the corresponding module code * doc/examples/tree2.c, doc/examples/xpath1.c, doc/examples/xpath2.c: added additional conditions required for compilation * doc/*.html, doc/html/*.html: rebuilt the docs | ||
| be586972 | 2003-11-18 20:56:51 | modified the file header to add more information, painful... updated to * include/libxml/*.h include/libxml/*.h.in: modified the file header to add more information, painful... * genChRanges.py genUnicode.py: updated to generate said changes in headers * doc/apibuild.py: extract headers, add them to libxml2-api.xml * *.html *.xsl *.xml: updated the stylesheets to flag deprecated APIs modules. Updated the stylesheets, some cleanups, regenerated * doc/html/*.html: regenerated added back book1 and libxml-lib.html Daniel | ||
| a9cce9cd | 2003-09-29 13:20:24 | Okay this is scary but it is just adding a configure option to disable * HTMLtree.c SAX2.c c14n.c catalog.c configure.in debugXML.c encoding.c entities.c nanoftp.c nanohttp.c parser.c relaxng.c testAutomata.c testC14N.c testHTML.c testRegexp.c testRelax.c testSchemas.c testXPath.c threads.c tree.c valid.c xmlIO.c xmlcatalog.c xmllint.c xmlmemory.c xmlreader.c xmlschemas.c example/gjobread.c include/libxml/HTMLtree.h include/libxml/c14n.h include/libxml/catalog.h include/libxml/debugXML.h include/libxml/entities.h include/libxml/nanohttp.h include/libxml/relaxng.h include/libxml/tree.h include/libxml/valid.h include/libxml/xmlIO.h include/libxml/xmlschemas.h include/libxml/xmlversion.h.in include/libxml/xpathInternals.h python/libxml.c: Okay this is scary but it is just adding a configure option to disable output, this touches most of the files. Daniel | ||
| 76874e45 | 2003-08-25 09:05:12 | Exportability taint of the headers | ||
| 2d84a894 | 2002-12-30 00:01:08 | Fixed a really nasty problem raised by a DocBook XSLT transform provided * entities.c parser.c tree.c include/libxml/entities.h: Fixed a really nasty problem raised by a DocBook XSLT transform provided by Sebastian Bergmann Daniel | ||
| 61f26174 | 2002-03-12 18:46:39 | Heiko W. Rupp fixed a lot of comments to generate better API descriptions * include/libxml/*.h: Heiko W. Rupp fixed a lot of comments to generate better API descriptions etc... Daniel | ||
| e4301c8b | 2002-02-13 13:32:35 | fixing a comment fixing some troubles with validity check on namespaces * include/libxml/entities.h: fixing a comment * valid.c: fixing some troubles with validity check on namespaces * result/VC/NS3 test/VC/NS3: added a specific regression test Daniel | ||
| 6c4ffafd | 2002-02-11 08:54:05 | trying to fix the include mess Daniel * include/libxml/encoding.h include/libxml/entities.h include/libxml/globals.h include/libxml/parser.h include/libxml/threads.h include/libxml/tree.h include/libxml/xmlmemory.h: trying to fix the include mess Daniel | ||
| 8ee9c8f6 | 2002-01-26 21:42:58 | applied patch from Anthony Jones to implement copy of DTD subtree too. Had * entities.c tree.c include/libxml/entities.h: applied patch from Anthony Jones to implement copy of DTD subtree too. Had just to keep 2 function private which really ought to become public ones. Daniel | ||
| cbaf3995 | 2001-12-31 16:16:02 | applied 42 documentation patches from Charlie Bozeman. Regenerated the * *.c include/libxml/*.h doc/html/*: applied 42 documentation patches from Charlie Bozeman. Regenerated the HTML docs. Daniel | ||
| c5d64345 | 2001-06-24 12:13:24 | Summer's cleanup, a really big one: * AUTHORS: added William and Bjorn * include/libxml/*.h *.c README doc/*.html etc.: changed old email to daniel@veillard.com hopefully I won't have to do this again * doc/Makefile.am doc/html/*.html: cleanup makefile, checked that docs can be rebuilt cleanly now * include/libxml/xml*version.h*: removed include/libxml/xmlversion.h from CVs it's generated, added include/libxml/xmlwin32version.h also generated but which should change far less frequently. * catalog.c nanoftp.c: made sure to include libxml.h not libxml/xmlversion.h directly * include/libxml/*.h: include xmlwin32version.h instead of xmlversion.h when compiling on WIN32 and MSC Daniel | ||
| 017b108f | 2001-06-21 11:20:21 | - Makefile.am: cleanup when --without-debug is specified - xinclude.c xpath.c xpathInternals.h xpointer.c: cleanup w.r.t. --without-debug and other include points - catalog.h testCatalog.c: a bit of cleanup and prepare for XML Catalogs - configure.in entities.h tree.h HTMLparser.c: removed --without-corba, made the _private field mandatory Daniel | ||
| ceacdd96 | 2001-04-18 15:10:35 | - entities.h: andrew@ugh.net.au detected a double declaration Daniel | ||
| 3473f88a | 2001-02-23 17:55:21 | Revert directory structure changes | ||
| 64636e7f | 2001-02-23 01:37:32 | moved to libxml directory - this allow simplify automake/autoconf. Now Thu Feb 23 02:03:56 CET 2001 Tomasz K | ||
| 52afe800 | 2000-10-22 16:56:02 | Started working on the hash table module integration, fixed a bug: - entities.[ch] xpath.[ch] hash.[ch] debugXML.c tree.h: added/hacked hash tables from Bjorn Reese <breese@mail1.stofanet.dk>. Switched XPath functions and XML entities table to them. More to come... - xmlIO.c: fixed libxml closing FILEs it didn't open. Daniel | ||
| bc765307 | 2000-10-01 18:23:35 | Cleanups, 1 bug fix: - HTMLparser.c: fixed htmlStartCloseIndexinitialized init - entities.h: exported xmlInitializePredefinedEntities - parser.[ch] : added xmlInitParser() - parserInternals.h : had to export htmlInitAutoClose() Daniel | ||
| 39c7d71a | 2000-09-10 16:14:55 | Jumbo patch, resync of W3C/Gnome CVS trees: - uri.c tree.c SAX.c parser.c entities.c debugXML.c: finished the cleanup of the computation of URI references when seeking external entities. The URI reference string and the resulting URI are both stored now. - parser.c HTMLparser.c valid.c nanoftp.c nanohttp.c xpath.c: large s(n)printf checks and cleanup from Denis Barbier <barbier@imacs.polytechnique.fr> - xmlversion.h.in tree.h: couple of SGML declarations for a possible docbook module. - result/VC/ : a couple of test output changed due to the change of the entities URI Daniel | ||
| f0cc7ccc | 2000-08-26 21:40:43 | libxml now grok Docbook-3.1.5 and Docbook-4.1.1 DTDs, this popped out a couple of bugs and 3 speed issues, there is only one minor speed issue left. Assorted collection of user reported bugs and fixes: - doc/encoding.html: added encoding aliases doc - doc/xml.html: updates - encoding.[ch]: added EncodingAliases functions - entities.[ch] valid.[ch] debugXML.c: removed two serious bottlenecks affecting large DTDs like Docbook - parser.[ch] xmllint.c: added a pedantic option, will be useful - SAX.c: redefinition of entities is reported in pedantic mode - testHTML.c: uninitialized warning from gcc - uri.c: fixed a couple of bugs - TODO: added issue raised by Michael Daniel | ||
| be803967 | 2000-06-28 23:40:59 | - Large resync between W3C and Gnome tree - configure.in: 2.1.0 prerelease - example/Makefile.am example/gjobread.c tree.h: work on libxml1 libxml2 convergence. - nanoftp, nanohttp.c: fixed stalled connections probs - HTMLtree.c SAX.c : support for attribute without values in HTML for andersca - valid.c: Fixed most validation + namespace problems - HTMLparser.c: start document callback for andersca - debugXML.c xpath.c: lots of XPath fixups from Picdar Technology - parser.h, SAX.c: serious speed improvement for large CDATA blocks - encoding.[ch] xmlIO.[ch]: Improved seriously saving to different encoding - config.h.in parser.c xmllint.c: added xmlCheckVersion() and the LIBXML_TEST_VERSION macro Daniel | ||
| 361d845d | 2000-04-03 19:48:13 | Work done on the plane, ready to release libxml2-2.0.0, Daniel | ||
| cf46199c | 2000-03-14 18:30:20 | This is the 2.0.0-beta, lots and lots and lots of changes Have a look at http://xmlsoft.org/upgrade.html Daniel | ||
| 71b656e0 | 2000-01-05 14:46:17 | - added xmlRemoveID() and xmlRemoveRef() - added check and handling when possibly removing an ID - fixed some entities problems - added xmlParseTryOrFinish() - changed the way struct are declared to allow gtk-doc to expose those - closed #4960 - fixes to libs detection from Albert Chin-A-Young - preparing 1.8.3 release Daniel | ||
| dbfd641b | 1999-12-28 16:35:14 | - Lots of improvements, too long to list here - Push mode for the XML parser (HTML to come) - XML shell like interface for debug - improvements on XPath and validation Daniel | ||
| a0555cc9 | 1999-12-01 09:51:45 | - Updated HTML test outputs - Fixed that f....g problem with C++ and includes, Daniel | ||
| a594bf46 | 1999-12-01 09:51:45 | - added the patch from Carl Nygard <cnygard@bellatlantic.net> which allow impressive speed improvement on dataset with large text pieces, but at the cost of broken binary compatibility and slightly bigger memory usage. Configure with --with-buffers to activate them, they are protected with XML_USE_BUFFER_CONTENT define. - added xmlCleanupPredefinedEntities(), memory allocation cleanup Daniel | ||
| 00fdf370 | 1999-10-08 09:40:39 | Improvement of doc, Raph patch for CORBA init, support for spaces in XPath, Daniel | ||
| dd6b3676 | 1999-09-23 22:19:22 | Fixed CHAR, errno, alpha RPM compile, updated doc, Daniel | ||
| b96e6438 | 1999-08-29 21:02:19 | Release 1.6, lot of fixes, more validation, code cleanup, added namespace on attributes, Daniel. | ||
| b05deb7f | 1999-08-10 19:04:08 | Huge commit: 1.5.0, XML validation, Xpath, bugfixes, examples .... Daniel | ||
| 14fff064 | 1999-06-22 21:49:07 | Big changes, seems that 1.2.0 wasn't committed, here is 1.3.0, Daniel | ||
| 011b63cb | 1999-06-02 17:44:04 | Release of libxml-1.1, Daniel. | ||
| 5099ae89 | 1999-04-21 20:12:07 | Removal of threading problems, update documentation, added SAX tests, Daniel | ||
| 517752b9 | 1999-04-05 12:20:10 | Completed/revamped the SAX support, removed old namespace support, Daniel | ||
| 1e346af5 | 1999-02-22 10:33:01 | Serious upgrade of internal subset support, setup for gtk-doc, Daniel | ||
| 39a1f9a3 | 1999-01-17 19:11:59 | Speed, conformance testing, more parsing, general improvements, Daniel. | ||
| be36afe1 | 1998-11-27 06:39:50 | Added copy operations for node/tree/documents, Daniel. | ||
| 25940b7c | 1998-10-29 05:51:30 | Cleanup, bug fixing, entities improvement, more documentation, Daniel. | ||
| ccb09637 | 1998-10-27 06:21:04 | Changed the internals a lot for DOM, entity support, slight changes of API, more (if not all) formatting of function comments, started documentation, Daniel. | ||
| 260a68fd | 1998-08-13 03:39:55 | Release 0.2, 80% rewrite, nothing left intact ... Daniel |