[DOC] Parse options doc #3360

Merged (5 commits) on Jan 22, 2025


BurdetteLamar
Contributor

What problem is this PR intended to solve?

Improvements to doc for XML::ParseOptions.

Have you included adequate test coverage?

N/A. All doc.

Does this change affect the behavior of either the C or the Java implementations?

No.

@flavorjones
Member

Thank you for opening this! I apologize for not having made time to review this yet. I will do so in the next few days!

Member

@flavorjones flavorjones left a comment

Sorry it took so long to circle back on this PR. Thank you so much for the time you've invested!

Member

@flavorjones flavorjones left a comment

This looks great! I rebased onto origin/main and made a few small whitespace changes to please rubocop and make sure it's indented consistently.

@flavorjones flavorjones merged commit 65fa87c into sparklemotion:main Jan 22, 2025
15 of 16 checks passed
@flavorjones
Member

Thank you so much, @BurdetteLamar!

@nwellnhof

@flavorjones Some additional notes from me:

  • DTDATTR and DTDVALID imply DTDLOAD and are unsafe as well.
  • SAX1 should probably not be exposed.
  • NODICT should probably not be exposed.
  • XINCLUDE, NOXINCNODE and NOBASEFIX are only used by the XML Reader and XInclude API.
  • HUGE is safe these days.

@flavorjones
Member

flavorjones commented Jan 29, 2025

@nwellnhof Thanks for the additional notes, either @BurdetteLamar or I will circle back on these docs and make some more changes.

Do you know offhand when HUGE became safe to enable? I'd like to enable it by default if Nokogiri is built with an appropriate version of libxml2.

@nwellnhof

> Do you know offhand when HUGE became safe to enable?

I'd say since CVE-2022-40303 was fixed, so 2.10 and later should be safe. The fix was backported to several older distros as well.
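
The option notes in the two comments above, turned into a check over a parse-option bitmask. This is an added example, not part of the thread and not Nokogiri code. The helper `audit_parse_options` and its tables are hypothetical; the bit values are libxml2's `xmlParserOption` values, and the sample input is constructed.

```ruby
# Added illustration, not Nokogiri code. Bit values are libxml2's
# xmlParserOption values, which Nokogiri::XML::ParseOptions mirrors.
OPTS = {
  DTDLOAD: 1 << 2, DTDATTR: 1 << 3, DTDVALID: 1 << 4, SAX1: 1 << 9,
  XINCLUDE: 1 << 10, NODICT: 1 << 12, NOXINCNODE: 1 << 15,
  NOBASEFIX: 1 << 18, HUGE: 1 << 19
}.freeze

READER_ONLY = "only used by the XML Reader and XInclude API"
# Notes from the thread, keyed by option name.
NOTES = {
  DTDLOAD: "unsafe",
  DTDATTR: "unsafe, implies DTDLOAD",
  DTDVALID: "unsafe, implies DTDLOAD",
  SAX1: "should probably not be exposed",
  NODICT: "should probably not be exposed",
  XINCLUDE: READER_ONLY, NOXINCNODE: READER_ONLY, NOBASEFIX: READER_ONLY
}.freeze

IMPLIES_DTDLOAD = %i[DTDATTR DTDVALID].freeze
# Version given in the thread; a distro backport of the fix is not visible here.
HUGE_SAFE_SINCE = [2, 10].freeze

# Hypothetical helper. Returns { effective: Integer, findings: { name => note } }.
def audit_parse_options(mask, libxml2_version: nil)
  set = OPTS.select { |_, bit| (mask & bit) != 0 }.keys
  effective = mask
  # DTDATTR or DTDVALID alone still turns on DTD loading.
  effective |= OPTS[:DTDLOAD] if (set & IMPLIES_DTDLOAD).any?
  findings = NOTES.select { |name, _| set.include?(name) }
  if set.include?(:HUGE)
    version = libxml2_version&.split(".")&.map(&:to_i)
    # Unknown version is treated like an old one.
    if version.nil? || (version <=> HUGE_SAFE_SINCE).negative?
      findings[:HUGE] = "safe only with libxml2 2.10 and later"
    end
  end
  { effective: effective, findings: findings }
end

# Constructed sample: a caller asks for validation plus HUGE on an old libxml2.
SAMPLE = audit_parse_options(OPTS[:DTDVALID] | OPTS[:HUGE], libxml2_version: "2.9.14")
SAMPLE[:findings].each { |name, note| puts "#{name}: #{note}" }
```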

@nwellnhof

I also finalized the design of new options for 2.14, so I simply leave this here:

  • UNZIP: Enable decompression. This option has no real effect for now. The plan is that users who really need decompression start to add the option. At a later point, it will be required to enable decompression.
  • NO_SYS_CATALOG: Don't use system catalogs when resolving DTDs or entities.
  • CATALOG_PI: Enable oasis-xml-catalog PIs. This is a really obscure feature that should have never been enabled by default. I don't think your users need it.
