diff options
| -rw-r--r-- | spec/util_xml_spec.lua | 7 | ||||
| -rw-r--r-- | util/xml.lua | 5 |
2 files changed, 11 insertions, 1 deletions
diff --git a/spec/util_xml_spec.lua b/spec/util_xml_spec.lua index 28a1cea7..6d3136ab 100644 --- a/spec/util_xml_spec.lua +++ b/spec/util_xml_spec.lua @@ -42,6 +42,13 @@ describe("util.xml", function() assert.falsy(ok); end); + it("should allow processing instructions if asked nicely", function() + local x = "<?xml-stylesheet href='make-fancy.xsl'?><foo/>"; + local stanza = xml.parse(x, {allow_processing_instructions = true}); + assert.truthy(stanza); + assert.are.equal(stanza.name, "foo"); + end); + it("should allow an xml declaration", function() local x = "<?xml version='1.0'?><foo/>"; local stanza = xml.parse(x); diff --git a/util/xml.lua b/util/xml.lua index 9322f3ad..2bf1ff4e 100644 --- a/util/xml.lua +++ b/util/xml.lua @@ -72,11 +72,14 @@ local parse_xml = (function() end end handler.StartDoctypeDecl = restricted_handler; - handler.ProcessingInstruction = restricted_handler; if not options or not options.allow_comments then -- NOTE: comments are generally harmless and can be useful when parsing configuration files or other data, even user-provided data handler.Comment = restricted_handler; end + if not options or not options.allow_processing_instructions then + -- Processing instructions should generally be safe to just ignore + handler.ProcessingInstruction = restricted_handler; + end local parser = lxp.new(handler, ns_separator); local ok, err, line, col = parser:parse(xml); if ok then ok, err, line, col = parser:parse(); end |