mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-12-23 00:26:30 +00:00
Prevent XML parser from loading external entities
This commit is contained in:
parent
1062185ba0
commit
ca0859b90f
1 changed files with 4 additions and 1 deletions
|
@ -29,7 +29,10 @@ defmodule Pleroma.Web.XML do
|
||||||
{doc, _rest} =
|
{doc, _rest} =
|
||||||
text
|
text
|
||||||
|> :binary.bin_to_list()
|
|> :binary.bin_to_list()
|
||||||
|> :xmerl_scan.string(quiet: true)
|
|> :xmerl_scan.string(
|
||||||
|
quiet: true,
|
||||||
|
fetch_fun: fn _, _ -> raise "Resolving external entities not supported" end
|
||||||
|
)
|
||||||
|
|
||||||
{:ok, doc}
|
{:ok, doc}
|
||||||
rescue
|
rescue
|
||||||
|
|
Loading…
Reference in a new issue