Bug#1003810: libxml-libxml-perl: getElementById is broken (regression)
Vincent Lefevre
vincent at vinc17.net
Tue Feb 8 13:17:56 GMT 2022
On 2022-02-08 13:53:23 +0100, Vincent Lefevre wrote:
> There is another issue (which broke another script): even when the DTD
> is loaded, the entities from the DTD are not expanded.
>
> It seems that setting expand_entities to 1 avoids the issue, but the
> default value is 1. So this shouldn't change anything.
This may be due to https://github.com/shlomif/perl-XML-LibXML/pull/39
(Avoid XXE attacks by default (expand_entities and load_ext_dtd should
default to false)), but in this case, the documentation should be
fixed and these changes should be announced, because this breaks
existing scripts in practice, until they are modified.
For the documentation, there were
https://github.com/shlomif/perl-XML-LibXML/pull/47
https://github.com/shlomif/perl-XML-LibXML/pull/48
but they were closed on 21 Jul 2021. I don't know why.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the pkg-perl-maintainers
mailing list