Any specific reason to use NOENT?

Question

Any specific reason to use NOENT?

Closed this issue 5 years ago · 4 comments

@ckruse Hi Christian, found NOENT in both rbLibXMLParser.rb and rbNokogiriParser.rb
Passing NOENT as parsing option is risky.

Passing NOENT (which is used to substitute entities) as parsing options permits processing of entities, including both regular and external. That means NONET and NODTDLOAD will be of no use if NOENT is there.

Take a look at this:
sparklemotion/nokogiri#1582 (comment)

This is why Nokogiri team strictly suggests using default parsing options:
DEFAULT_XML = RECOVER | NONET

Answer 1 · 2019-12-06T06:47:31.000Z

Hm. I actually don't remember anymore. It is several years ago that I wrote this code. Following the links you posted it seems to make sense to disable it. Do you mind to create a pull request?

Answer 2 · 2019-12-06T06:50:39.000Z

Hi Christian, thanks for the quick response. Sure! creating a Pull Request.

Answer 3 · 2019-12-06T07:50:25.000Z

fixed by #56

Answer 4 · 2019-12-06T07:53:21.000Z

I pushed a new version