diff options
Diffstat (limited to 'test/rexml/test_document.rb')
-rw-r--r-- | test/rexml/test_document.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/test/rexml/test_document.rb b/test/rexml/test_document.rb index cec9452373..efdcf66b82 100644 --- a/test/rexml/test_document.rb +++ b/test/rexml/test_document.rb @@ -47,6 +47,20 @@ EOF </member> EOF + XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF +<!DOCTYPE root [ + <!ENTITY % a "BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM."> + <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> + <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> + <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> + <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> + <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> + <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> + <!ENTITY test "test %g;"> +]> +<cd></cd> +EOF + XML_WITH_4_ENTITY_EXPANSION = <<EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE member [ @@ -85,6 +99,19 @@ EOF REXML::Security.entity_expansion_limit = 10000 end + def test_entity_expansion_limit_for_parameter_entity + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) + end + ensure + REXML::Security.entity_expansion_limit = 10000 + end + def test_tag_in_cdata_with_not_ascii_only_but_ascii8bit_encoding_source tag = "<b>...</b>" message = "こんにちは、世界!" # Hello world! in Japanese |