Prevent XML parser from loading external entities
This commit is contained in:
parent
ff2f3862ab
commit
fc10e07ffb
@ -29,7 +29,10 @@ defmodule Pleroma.Web.XML do
|
||||
{doc, _rest} =
|
||||
text
|
||||
|> :binary.bin_to_list()
|
||||
|> :xmerl_scan.string(quiet: true)
|
||||
|> :xmerl_scan.string(
|
||||
quiet: true,
|
||||
fetch_fun: fn _, _ -> raise "Resolving external entities not supported" end
|
||||
)
|
||||
|
||||
{:ok, doc}
|
||||
rescue
|
||||
|
Loading…
Reference in New Issue
Block a user