File
doc/names.txt @ 12181:783056b4e448 0.11 0.11.12
util.xml: Do not allow doctypes, comments or processing instructions
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nonetheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Mon, 10 Jan 2022 18:23:54 +0100 |
parent | 8728:41c959c5c84b |
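The handler approach described in the commit message above, sketched as an added example (not Prosody's code, which is Lua). It uses Python's `xml.parsers.expat`; the names `parse_restricted`, `check` and `ForbiddenXML` and the sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat


class ForbiddenXML(ValueError):
    """Raised when the input uses a construct the parser refuses."""


def parse_restricted(data, allow_comments=False):
    """Return element names in document order, or raise ForbiddenXML."""
    names = []
    parser = expat.ParserCreate()

    def forbid(what):
        def handler(*_args):
            raise ForbiddenXML(what + " not allowed")
        return handler

    # No escape hatch for these two. The doctype handler fires before the
    # internal subset is read, so no entity is ever declared or expanded.
    parser.StartDoctypeDeclHandler = forbid("doctype declaration")
    parser.ProcessingInstructionHandler = forbid("processing instruction")
    # Comments are refused by default; callers parsing human-facing data
    # can opt in.
    if not allow_comments:
        parser.CommentHandler = forbid("comment")
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def check(data, allow_comments=False):
    """Return 'ok' or the reason the document was refused."""
    try:
        parse_restricted(data, allow_comments)
        return "ok"
    except ForbiddenXML as exc:
        return str(exc)


# Constructed sample documents.
PLAIN = "<open to='example.com'/>"
WITH_DOCTYPE = '<!DOCTYPE open [<!ENTITY a "x">]><open>&a;</open>'
WITH_PI = "<open><?target data?></open>"
WITH_COMMENT = "<open><!-- note --></open>"

if __name__ == "__main__":
    for doc in (PLAIN, WITH_DOCTYPE, WITH_PI, WITH_COMMENT):
        print(check(doc), "<-", doc)
```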
lxmppd - ...
dia - Greek, 'through', pronounced "dee-ah", root of "dialogue"
metaphor - An imaginative comparison between two actions/objects etc which is not literally applicable.
minstrel - Itinerant medieval musician/singer/story teller/poet.
parody - Imitation of a poem or another poet's style for comic/satiric effect.
poesy - Archaic word for poetry.
Xinshi - Chinese poetic term which literally means 'new poetry'.
polylogue - Many conversations

Thorns thought of:
poe - Derived from "poetry"
poezie - Romanian for "poesy" and "poem"
Elain - Just a cool name
Elane - A variation
Eclaire - Idem (French)
Adel - Random
Younha - Read as "yuna"
Quezacotl - Mayan gods -> google for correct form and pronunciation
Carbuncle - FF8 Guardian Force ^^
Protos - Mars satellite
mins - Derived from minstrel
diapoe - gr. dia + poesy/poetry
xinshi - I like it for a name just like that
loom - The first application I run on the first day of using a computer
Lory - Another name I happen to like
Loki - Nordic god of mischief, IIRC
Luna - Probably taken but I think worth mentioning
Coreo - Random thought
Miria - Also random
Lora - Idem
Kraken - :P
Nebula - .