You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
libxml2 has long had default limits on document size in order to prevent untrusted documents from creating an OOM condition and potentially using that as a denial-of-service attack vector. These limits can be removed for trusted documents by setting the HUGE parse option.
libgumbo does not have limits like this, and this issue is being created to discuss the need and possible implementations.
Background
This topic was first raised in #2941 where @stevecheckoway and I discussed the shape of the issue.
The text was updated successfully, but these errors were encountered:
It's nice to have "sanity check" type of limits, but silently truncating stuff is not good. Very hard to debug. Please make it raise an error. Ideally have multiple safeties, so we raise on any of
Summary
libxml2 has long had default limits on document size in order to prevent untrusted documents from creating an OOM condition and potentially using that as a denial-of-service attack vector. These limits can be removed for trusted documents by setting the
HUGE
parse option.libgumbo does not have limits like this, and this issue is being created to discuss the need and possible implementations.
Background
This topic was first raised in #2941 where @stevecheckoway and I discussed the shape of the issue.
The text was updated successfully, but these errors were encountered: