4 files changed, 39 insertions, 35 deletions

diff --git a/lib/rexml/document.rb b/lib/rexml/document.rb
index 1c67da8718..4b73696930 100644
--- a/lib/rexml/document.rb
+++ b/lib/rexml/document.rb
@@ -1,3 +1,4 @@
+require "rexml/security"
 require "rexml/element"
 require "rexml/xmldecl"
 require "rexml/source"
@@ -245,37 +246,37 @@ module REXML
 
     # Set the entity expansion limit. By default the limit is set to 10000.
     #
-    # Deprecated. Use REXML.entity_expansion_limit= instead.
+    # Deprecated. Use REXML::Security.entity_expansion_limit= instead.
     def Document::entity_expansion_limit=( val )
-      REXML.entity_expansion_limit = val
+      Security.entity_expansion_limit = val
     end
 
     # Get the entity expansion limit. By default the limit is set to 10000.
     #
-    # Deprecated. Use REXML.entity_expansion_limit= instead.
+    # Deprecated. Use REXML::Security.entity_expansion_limit= instead.
     def Document::entity_expansion_limit
-      return REXML.entity_expansion_limit
+      return Security.entity_expansion_limit
     end
 
     # Set the entity expansion limit. By default the limit is set to 10240.
     #
-    # Deprecated. Use REXML.entity_expansion_text_limit= instead.
+    # Deprecated. Use REXML::Security.entity_expansion_text_limit= instead.
     def Document::entity_expansion_text_limit=( val )
-      REXML.entity_expansion_text_limit = val
+      Security.entity_expansion_text_limit = val
     end
 
     # Get the entity expansion limit. By default the limit is set to 10240.
     #
-    # Deprecated. Use REXML.entity_expansion_text_limit instead.
+    # Deprecated. Use REXML::Security.entity_expansion_text_limit instead.
     def Document::entity_expansion_text_limit
-      return REXML.entity_expansion_text_limit
+      return Security.entity_expansion_text_limit
     end
 
     attr_reader :entity_expansion_count
 
     def record_entity_expansion
       @entity_expansion_count += 1
-      if @entity_expansion_count > REXML.entity_expansion_limit
+      if @entity_expansion_count > Security.entity_expansion_limit
         raise "number of entity expansions exceeded, processing aborted."
       end
     end
diff --git a/lib/rexml/rexml.rb b/lib/rexml/rexml.rb
index 472fadb7ee..f89951171a 100644
--- a/lib/rexml/rexml.rb
+++ b/lib/rexml/rexml.rb
@@ -28,28 +28,4 @@ module REXML
 
   Copyright = COPYRIGHT
   Version = VERSION
-
-  @@entity_expansion_limit = 10_000
-
-  # Set the entity expansion limit. By default the limit is set to 10000.
-  def self.entity_expansion_limit=( val )
-    @@entity_expansion_limit = val
-  end
-
-  # Get the entity expansion limit. By default the limit is set to 10000.
-  def self.entity_expansion_limit
-    return @@entity_expansion_limit
-  end
-
-  @@entity_expansion_text_limit = 10_240
-
-  # Set the entity expansion limit. By default the limit is set to 10240.
-  def self.entity_expansion_text_limit=( val )
-    @@entity_expansion_text_limit = val
-  end
-
-  # Get the entity expansion limit. By default the limit is set to 10240.
-  def self.entity_expansion_text_limit
-    return @@entity_expansion_text_limit
-  end
 end
diff --git a/lib/rexml/security.rb b/lib/rexml/security.rb
new file mode 100644
index 0000000000..593b652dc6
--- /dev/null
+++ b/lib/rexml/security.rb
@@ -0,0 +1,27 @@
+module REXML
+  module Security
+    @@entity_expansion_limit = 10_000
+
+    # Set the entity expansion limit. By default the limit is set to 10000.
+    def self.entity_expansion_limit=( val )
+      @@entity_expansion_limit = val
+    end
+
+    # Get the entity expansion limit. By default the limit is set to 10000.
+    def self.entity_expansion_limit
+      return @@entity_expansion_limit
+    end
+
+    @@entity_expansion_text_limit = 10_240
+
+    # Set the entity expansion limit. By default the limit is set to 10240.
+    def self.entity_expansion_text_limit=( val )
+      @@entity_expansion_text_limit = val
+    end
+
+    # Get the entity expansion limit. By default the limit is set to 10240.
+    def self.entity_expansion_text_limit
+      return @@entity_expansion_text_limit
+    end
+  end
+end
diff --git a/lib/rexml/text.rb b/lib/rexml/text.rb
index 7b00b0f104..6624e2a91e 100644
--- a/lib/rexml/text.rb
+++ b/lib/rexml/text.rb
@@ -1,4 +1,4 @@
-require 'rexml/rexml'
+require 'rexml/security'
 require 'rexml/entity'
 require 'rexml/doctype'
 require 'rexml/child'
@@ -384,7 +384,7 @@ module REXML
       sum = 0
       string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
         s = Text.expand($&, doctype, filter)
-        if sum + s.bytesize > REXML.entity_expansion_text_limit
+        if sum + s.bytesize > Security.entity_expansion_text_limit
           raise "entity expansion has grown too large"
         else
           sum += s.bytesize