IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It's possible to create references to predefined entities using the tree
API. This edge case was exposed by making predefined entities const in
commit 63ce5f9a.
xmlNewCharRef also tries to handle strings like '&name;' but in
xmlNodeParseContentInternal, we really want to use the possibly invalid
name without modification. Otherwise, content like '&"' could
create a reference to a predefined entity.
This should only be done in xmlParseReference.
The handling of undeclared entities is still somewhat inconsistent. In
element content we create references even if entity substitution is
enabled. In attribute values undeclared entities are always ignored.
Always use XML_WAR_UNDECLARED_ENTITY with warning error level in
documents with external subset or parameter entities. Use
XML_ERR_UNDECLARED_ENTITY otherwise.
Also decode entities in namespace URIs if entity substitution wasn't
requested. This should fix some corner cases when comparing namespace
URIs. The Namespaces in XML 1.0 spec says:
> In a namespace declaration, the URI reference is the normalized value
> of the attribute, so replacement of XML character and entity
> references has already been done before any comparison.
Make the serialization code escape special characters in namespace URIs
like in attribute values. This fixes serialization if entities were
substituted when parsing.
Fixes https://gitlab.gnome.org/GNOME/libxslt/-/issues/106
Revert part of commit c5a8aef2 to make it safe to call the default SAX
error handlers directly. This has been deprecated for a long time but
even xmllint still uses these handlers.
Should fix#713.
Most string functions can assume valid UTF-8. In order to detect malloc
failures reliably, xmlUTF8Strsub should only return NULL if the start
index is out of bounds or a memory allocation failed.
libxml2 has limited support for reading and writing compressed data
with the help of zlib and liblzma which used to be enabled by default.
This only works for files read from the file system and never worked
with memory buffers. My guess is that this feature is virtually unused.
In light of the recently discovered xz backdoor, it's a good time to
disable these features by default to reduce attack surface and prepare
for eventual removal.
If --with-legacy is passed to the Autotools build, compression will
be enabled by default as before.
