Refresh patches.
Debian Janitor
1 year, 11 months ago
0 | ; Copyright (c) Rich Hickey. All rights reserved. | |
1 | ; The use and distribution terms for this software are covered by the | |
2 | ; Eclipse Public License 1.0 (http://opensource.org/licenses/eclipse-1.0.php) | |
3 | ; which can be found in the file epl-v10.html at the root of this distribution. | |
4 | ; By using this software in any fashion, you are agreeing to be bound by | |
5 | ; the terms of this license. | |
6 | ; You must not remove this notice, or any other, from this software. | |
7 | ||
8 | ;;Author: Frantisek Sodomka | |
9 | ||
10 | ||
11 | (ns clojure.test-clojure.clojure-xml | |
12 | (:use clojure.test) | |
13 | (:require [clojure.xml :as xml]) | |
14 | (:import [java.io ByteArrayInputStream])) | |
15 | ||
16 | (deftest CLJ-2611-avoid-XXE | |
17 | (let [xml-str "<?xml version=\"1.0\" encoding=\"UTF-8\" ?> | |
18 | <!DOCTYPE foo [ | |
19 | <!ELEMENT foo ANY > | |
20 | <!ENTITY xxe SYSTEM \"file:///etc/hostname\" >]> | |
21 | <foo>&xxe;</foo>"] | |
22 | (is (= {:tag :foo, :attrs nil, :content nil} | |
23 | (with-open [input (ByteArrayInputStream. (.getBytes xml-str))] | |
24 | (xml/parse input)))))) | |
25 | ; parse | |
26 | ||
27 | ; emit-element | |
28 | ; emit | |
29 |