
Don't expand entities when parsing XML

The XML_PARSE_NOENT flag to libxml will cause it to expand all entities in the input XML document when parsing. Doing this is bad practice if the XML input file comes from an untrusted source, because it can cause the XML parser to load arbitrary files that are readable by the user running XML parsing.

This is basically the same fix as 47233d0b9dc (from osinfo-db-tools)
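An added example, not code from this merge request or from either project: a small Python audit helper that lists live uses of `XML_PARSE_NOENT` in C source, the kind of check that finds other call sites needing the same fix. The sample C snippet is constructed, and the set of libxml2 option-taking functions it recognises is an assumption about what a code base calls.

```python
import re

# libxml2 entry points that take a parser-options bitmask (assumed set).
PARSER_CALL = re.compile(
    r"\b(xml(?:Ctxt)?Read(?:File|Memory|Doc|Fd|IO)|xmlCtxtUseOptions)\s*\(")
FLAG = re.compile(r"\bXML_PARSE_NOENT\b")
# String/char literals and comments: text that must not count as live code.
NOISE = re.compile(r'"(?:\\.|[^"\\])*"' r"|'(?:\\.|[^'\\])*'" r"|/\*.*?\*/|//[^\n]*", re.S)

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
/* XML_PARSE_NOENT used to be passed here */
doc = xmlReadFile(path, NULL,
                  XML_PARSE_NOENT | XML_PARSE_NONET);
int flags = XML_PARSE_NOENT;   // expands entities
ctxt_doc = xmlCtxtReadDoc(ctxt, buf, "http://x//", NULL, XML_PARSE_NONET);
'''

def blank_noise(src):
    """Replace literals and comments with spaces, keeping newlines for line numbers."""
    return NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def call_end(code, open_paren):
    """Return the index just past the parenthesis matching code[open_paren]."""
    depth = 0
    for i in range(open_paren, len(code)):
        if code[i] == "(":
            depth += 1
        elif code[i] == ")":
            depth -= 1
            if depth == 0:
                return i + 1
    return len(code)

def find_noent(src):
    """Return (line, enclosing libxml2 call or None) for each live XML_PARSE_NOENT."""
    code = blank_noise(src)
    spans = [(m.start(), call_end(code, m.end() - 1), m.group(1))
             for m in PARSER_CALL.finditer(code)]
    hits = []
    for m in FLAG.finditer(code):
        name = next((n for s, e, n in spans if s <= m.start() < e), None)
        hits.append((code.count("\n", 0, m.start()) + 1, name))
    return hits

if __name__ == "__main__":
    for line, call in find_noent(SAMPLE):
        print(f"line {line}: XML_PARSE_NOENT in {call or 'flag expression outside a parser call'}")
```

A hit with no enclosing call, such as a flags variable, still needs tracing to the parser call that consumes it.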
