-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
encoding/xml: decoding XML with entities not supported #35389
Comments
Thank you very much for your reply, but it doesn't seem to have been resolved. #4196 is a parsing bug, but it only outputs the value in XML, not the value of entity. So it didn't solve my problem. What I expect is when parsing the following XML:
The value of name can be |
This would need to be off by default for security reasons. See the exponential blowup and quadratic blowup attacks. |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I parsed the XML with the entity, but the part with the entity was not parsed (the entity value is in the DTD).
I checked the documentation and set
xml.Decoder.Strict
to false. What appears is the entity itself, not the value of the entity.This is my program:
https://play.golang.org/p/pxIrus-iW8b
What did you expect to see?
What did you see instead?
When d.Strict = true, there is nothing.
When d.Strict = false, output:
The text was updated successfully, but these errors were encountered: