Prevent XML parser from loading external entities
This commit is contained in:
parent
6902ede5b7
commit
1f54bea564
1 changed files with 4 additions and 1 deletions
|
@ -29,7 +29,10 @@ defmodule Pleroma.Web.XML do
|
|||
{doc, _rest} =
|
||||
text
|
||||
|> :binary.bin_to_list()
|
||||
|> :xmerl_scan.string(quiet: true)
|
||||
|> :xmerl_scan.string(
|
||||
quiet: true,
|
||||
fetch_fun: fn _, _ -> raise "Resolving external entities not supported" end
|
||||
)
|
||||
|
||||
{:ok, doc}
|
||||
rescue
|
||||
|
|
Loading…
Reference in a new issue