From 99a880ebe5e45655d63e1a72866d2d44b7497fd9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Feb 2022 20:47:39 +0100 Subject: util.xml: Add an option to allow These should generally be safe to just ignore, which should be the default behavior of Expat and LuaExpat --- spec/util_xml_spec.lua | 7 +++++++ util/xml.lua | 5 ++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/spec/util_xml_spec.lua b/spec/util_xml_spec.lua index 28a1cea7..6d3136ab 100644 --- a/spec/util_xml_spec.lua +++ b/spec/util_xml_spec.lua @@ -42,6 +42,13 @@ describe("util.xml", function() assert.falsy(ok); end); + it("should allow processing instructions if asked nicely", function() + local x = ""; + local stanza = xml.parse(x, {allow_processing_instructions = true}); + assert.truthy(stanza); + assert.are.equal(stanza.name, "foo"); + end); + it("should allow an xml declaration", function() local x = ""; local stanza = xml.parse(x); diff --git a/util/xml.lua b/util/xml.lua index 9322f3ad..2bf1ff4e 100644 --- a/util/xml.lua +++ b/util/xml.lua @@ -72,11 +72,14 @@ local parse_xml = (function() end end handler.StartDoctypeDecl = restricted_handler; - handler.ProcessingInstruction = restricted_handler; if not options or not options.allow_comments then -- NOTE: comments are generally harmless and can be useful when parsing configuration files or other data, even user-provided data handler.Comment = restricted_handler; end + if not options or not options.allow_processing_instructions then + -- Processing instructions should generally be safe to just ignore + handler.ProcessingInstruction = restricted_handler; + end local parser = lxp.new(handler, ns_separator); local ok, err, line, col = parser:parse(xml); if ok then ok, err, line, col = parser:parse(); end -- cgit v1.2.3