Help with fdo#60471
Michael Stahl
mstahl at redhat.com
Wed Feb 13 02:50:41 PST 2013
On 13/02/13 11:37, Michael Stahl wrote:
> On 13/02/13 10:53, Jan Holesovsky wrote:
>>
>> Yes - unhelpful ;-) I've had a better look, and it is down to throwing
>> "SaxExpatParser: internal entity declaration, stopping", added by
>> Michael S.:
>>
>> http://lists.freedesktop.org/archives/libreoffice-commits/2012-May/031218.html
>>
>> Michael, can you please have a look? The SVG.odp from fdo#60471 throws
>> that when parsing Pictures/100020E100000000000000009BE89C15.svg that
>> contains
>>
>> <!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/">
>
> both parsers in the sax module abort on the first XML entity
> encountered, to make the import filters robust against "billion laughs"
> kind of Denial of Service attacks.
>
> http://en.wikipedia.org/wiki/Billion_laughs
>
> how common is it anyway to have these internal entities in SVG files?
apparently Adobe Illustrator is written by monkeys who thought the
following gratuitous nonsense is a good way to define XML namespaces:
<!DOCTYPE svg PUBLIC [...]
<!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/">
<!ENTITY ns_svg "http://www.w3.org/2000/svg">
<!ENTITY ns_xlink "http://www.w3.org/1999/xlink">
]>
<svg [...] xmlns:xlink="&ns_xlink;" xmlns="&ns_svg;" [...] >
sigh... guess i'll have to add a parameter to the SAX parser so it can
still ignore entities when reading ODF files...
More information about the LibreOffice
mailing list