mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-12-23 00:26:30 +00:00
Prevent XML parser from loading external entities
This commit is contained in:
parent
1062185ba0
commit
ca0859b90f
1 changed files with 4 additions and 1 deletions
|
@ -29,7 +29,10 @@ defmodule Pleroma.Web.XML do
|
|||
{doc, _rest} =
|
||||
text
|
||||
|> :binary.bin_to_list()
|
||||
|> :xmerl_scan.string(quiet: true)
|
||||
|> :xmerl_scan.string(
|
||||
quiet: true,
|
||||
fetch_fun: fn _, _ -> raise "Resolving external entities not supported" end
|
||||
)
|
||||
|
||||
{:ok, doc}
|
||||
rescue
|
||||
|
|
Loading…
Reference in a new issue