diff options
| author | Lars Knoll <lars.knoll@qt.io> | 2020-02-28 08:40:53 +0100 |
|---|---|---|
| committer | Lars Knoll <lars.knoll@qt.io> | 2020-02-28 09:48:30 +0100 |
| commit | a450cce6b670dbcac84fcc4a66fc632b31ce8414 (patch) | |
| tree | 35b77fa22c4def97b619bd3a87f6d394e452bb2e /src/corelib/serialization/qxmlstream.cpp | |
| parent | f6f6eab89f57fb0db8f623f4a92a7b9c4ba6e9ea (diff) | |
| parent | 4c86e667d220e27bb4b6e370675ffb2872e8521c (diff) | |
Merge remote-tracking branch 'origin/5.15' into dev
Change-Id: I469b0501cc65fc5ce4d797a69ae89405cc69c7f8
Diffstat (limited to 'src/corelib/serialization/qxmlstream.cpp')
| -rw-r--r-- | src/corelib/serialization/qxmlstream.cpp | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp index 7ff87885a53..d7fb0d0d418 100644 --- a/src/corelib/serialization/qxmlstream.cpp +++ b/src/corelib/serialization/qxmlstream.cpp @@ -2041,6 +2041,42 @@ QStringRef QXmlStreamReader::dtdSystemId() const return QStringRef(); } +/*! + \since 5.15 + + Returns the maximum amount of characters a single entity is + allowed to expand into. If a single entity expands past the + given limit, the document is not considered well formed. + + \sa setEntityExpansionLimit +*/ +int QXmlStreamReader::entityExpansionLimit() const +{ + Q_D(const QXmlStreamReader); + return d->entityExpansionLimit; +} + +/*! + \since 5.15 + + Sets the maximum amount of characters a single entity is + allowed to expand into to \a limit. If a single entity expands + past the given limit, the document is not considered well formed. + + The limit is there to prevent DoS attacks when loading unknown + XML documents where recursive entity expansion could otherwise + exhaust all available memory. + + The default value for this property is 4096 characters. + + \sa entityExpansionLimit +*/ +void QXmlStreamReader::setEntityExpansionLimit(int limit) +{ + Q_D(QXmlStreamReader); + d->entityExpansionLimit = limit; +} + /*! If the tokenType() is \l StartElement, this function returns the element's namespace declarations. Otherwise an empty vector is returned. |