On 13/02/13 11:37, Michael Stahl wrote:
On 13/02/13 10:53, Jan Holesovsky wrote:
Yes - unhelpful ;-) I've had a better look, and it is down to throwing
"SaxExpatParser: internal entity declaration, stopping", added by
Michael S.:
http://lists.freedesktop.org/archives/libreoffice-commits/2012-May/031218.html
Michael, can you please have a look? The SVG.odp from fdo#60471 throws
that when parsing Pictures/100020E100000000000000009BE89C15.svg that
contains
<!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/";>
both parsers in the sax module abort on the first XML entity
encountered, to make the import filters robust against "billion laughs"
kind of Denial of Service attacks.
http://en.wikipedia.org/wiki/Billion_laughs
how common is it anyway to have these internal entities in SVG files?
apparently Adobe Illustrator is written by monkeys who thought the
following gratuitous nonsense is a good way to define XML namespaces:
<!DOCTYPE svg PUBLIC [...]
<!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/";>
<!ENTITY ns_svg "http://www.w3.org/2000/svg";>
<!ENTITY ns_xlink "http://www.w3.org/1999/xlink";>
]>
<svg [...] xmlns:xlink="&ns_xlink;" xmlns="&ns_svg;" [...] >
sigh... guess i'll have to add a parameter to the SAX parser so it can
still ignore entities when reading ODF files...
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.