Prevent XML parser from loading external entities

Mae 2023-08-04 22:24:17 +01:00 committed by FloatingGhost
parent 6902ede5b7
commit 1f54bea564
1 changed files with 4 additions and 1 deletions


@ -29,7 +29,10 @@ defmodule Pleroma.Web.XML do
{doc, _rest} =
text
|> :binary.bin_to_list()
|> :xmerl_scan.string(quiet: true)
|> :xmerl_scan.string(
quiet: true,
fetch_fun: fn _, _ -> raise "Resolving external entities not supported" end
)
{:ok, doc}
rescue
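Review bot: The new `fetch_fun` only stops xmerl from fetching external entities; entities declared inside the document's own DTD are still expanded by `:xmerl_scan.string/2`, so nested entity expansion on untrusted input remains a memory and CPU exhaustion risk. If the OTP releases this project supports provide xmerl's `allow_entities` option, passing `allow_entities: false` next to `quiet: true` would reject entity declarations outright; otherwise, bound the input size before scanning. The rejection also depends on the `raise` being caught by the `rescue` that follows, whose clauses are outside this hunk, so a comment such as `# fetch_fun raises on purpose; the surrounding rescue handles it` would keep that coupling visible. A regression test that parses a document declaring a SYSTEM entity would pin the behaviour. The enclosing function starts and ends outside the hunk.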