diff options
author | Joanna Hulboj <joanna.hulboj@isode.com> | 2019-09-12 08:54:19 (GMT) |
---|---|---|
committer | Joanna Hulboj <joanna.hulboj@isode.com> | 2019-09-16 08:17:07 (GMT) |
commit | 181ac4a83ba4a82be683fb0a6f08393d3c91320c (patch) | |
tree | 76e41aac0cda8be5582137d34cb0c9f5683c9dc2 /Swiften/Parser/ExpatParser.cpp | |
parent | 415870c04a7e6cabf13e6acf3a94bb0f68732907 (diff) | |
download | swift-181ac4a83ba4a82be683fb0a6f08393d3c91320c.zip swift-181ac4a83ba4a82be683fb0a6f08393d3c91320c.tar.bz2 |
Close the stream for disallowed XML features
According to RFC 6120 if any disallowed XML feature is encountered,
we should close the stream with a <restricted-xml/>. The following
features of XML are prohibited in XMPP:
- processing instructions
- internal or external DTD subsets
- internal or external entity references
- comments
Test-information:
Unit tests pass on Windows 10 and Ubuntu 18.04.1 LTS
Change-Id: I475920c91b7f9da51ab37c106a4783a52f6e3cae
Diffstat (limited to 'Swiften/Parser/ExpatParser.cpp')
-rw-r--r-- | Swiften/Parser/ExpatParser.cpp | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/Swiften/Parser/ExpatParser.cpp b/Swiften/Parser/ExpatParser.cpp index a50949b..640d561 100644 --- a/Swiften/Parser/ExpatParser.cpp +++ b/Swiften/Parser/ExpatParser.cpp @@ -72,8 +72,21 @@ static void handleEntityDeclaration(void* parser, const XML_Char*, int, const XM static_cast<ExpatParser*>(parser)->stopParser(); } +static void handleComment(void* parser, const XML_Char* /*data*/) { + if (!static_cast<ExpatParser*>(parser)->allowsComments()) { + static_cast<ExpatParser*>(parser)->stopParser(); + } +} + +static void handleProcessingInstruction(void* parser, const XML_Char* /*target*/, const XML_Char* /*data*/) { + static_cast<ExpatParser*>(parser)->stopParser(); +} + +static void handleDoctypeDeclaration(void* parser, const XML_Char* /*doctypeName*/, const XML_Char* /*sysid*/, const XML_Char* /*pubid*/, int /*has_internal_subset*/) { + static_cast<ExpatParser*>(parser)->stopParser(); +} -ExpatParser::ExpatParser(XMLParserClient* client) : XMLParser(client), p(new Private()) { +ExpatParser::ExpatParser(XMLParserClient* client, bool allowComments) : XMLParser(client, allowComments), p(new Private()) { p->parser_ = XML_ParserCreateNS("UTF-8", NAMESPACE_SEPARATOR); XML_SetUserData(p->parser_, this); XML_SetElementHandler(p->parser_, handleStartElement, handleEndElement); @@ -81,6 +94,9 @@ ExpatParser::ExpatParser(XMLParserClient* client) : XMLParser(client), p(new Pri XML_SetXmlDeclHandler(p->parser_, handleXMLDeclaration); XML_SetEntityDeclHandler(p->parser_, handleEntityDeclaration); XML_SetNamespaceDeclHandler(p->parser_, handleNamespaceDeclaration, nullptr); + XML_SetCommentHandler(p->parser_, handleComment); + XML_SetProcessingInstructionHandler(p->parser_, handleProcessingInstruction); + XML_SetDoctypeDeclHandler(p->parser_, handleDoctypeDeclaration, nullptr); } ExpatParser::~ExpatParser() { |