From a6bceb2a8e55a4720e4a825a75c159220bd7f4f2 Mon Sep 17 00:00:00 2001
From: Jacques Distler
Date: Mon, 1 Mar 2010 12:27:04 -0600
Subject: [PATCH] Ensure that itex endpoint returns well-formed XML

Since itex's \begin{svg}...\end{svg} syntax allows the client to pass arbitrary junk through the document, we need to check that the result is well-formed. Use a pluggable XML parser: nokogiri, if installed, REXML otherwise.
---
 app/metal/itex.rb | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/app/metal/itex.rb b/app/metal/itex.rb
index b63c027a..075e3656 100644
--- a/app/metal/itex.rb
+++ b/app/metal/itex.rb
@@ -13,7 +13,20 @@ class Itex
 end
 
 private
-
+
+ # plugable XML parser; falls back to REXML
+ begin
+ require 'nokogiri'
+ def self.xmlparse(text)
+ Nokogiri::XML(text) { |config| config.options = Nokogiri::XML::ParseOptions::STRICT }
+ end
+ rescue LoadError
+ require 'rexml/document'
+ def self.xmlparse(text)
+ REXML::Document.new(text)
+ end
+ end
+
 def self.response(env)
 @params = Rack::Request.new(env).params
 tex = (@params['tex'] || '').purify
@@ -30,7 +43,14 @@ class Itex
 begin
 require 'itextomml'
 @itex2mml_parser ||= Itex2MML::Parser.new
- @itex2mml_parser.send(filter, tex).to_utf8
+ doc = @itex2mml_parser.send(filter, tex).to_utf8
+ # make sure the result is well-formed, before sending it off
+ begin
+ xmlparse(doc)
+ rescue
+ return estart +"Ill-formed XML." + eend
+ end
+ return doc
 rescue LoadError
 estart + "Please install the itex2MML Ruby bindings." + eend
 rescue Itex2MML::Error => e
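Review bot: In the nokogiri branch of `xmlparse`, `config.options = Nokogiri::XML::ParseOptions::STRICT` sets the whole option mask to STRICT alone, so nothing in this call explicitly forbids network access while parsing text that the commit message describes as client-controlled. I would OR in NONET: `config.options = Nokogiri::XML::ParseOptions::STRICT | Nokogiri::XML::ParseOptions::NONET`. The REXML fallback has no equivalent setting here and may not reject exactly the same inputs as nokogiri, so the comment above the `begin` should state that `xmlparse` must raise on ill-formed input and that the two back ends are only expected to agree on well-formedness. Both definitions also sit under `private`, which does not apply to `def self.` methods; `private_class_method :xmlparse` would be needed if hiding the helper is intended.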
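Review bot: The bare `rescue` around `xmlparse(doc)` converts every StandardError into "Ill-formed XML.", so a fault in the parser wrapper that is not a parse error (a NameError or an encoding error, for instance) is reported to the client as bad input and never surfaces. Since the parser is pluggable, each branch of the loader could set one constant next to its `xmlparse` definition, `XMLParseError = Nokogiri::XML::SyntaxError` or `XMLParseError = REXML::ParseException`, and this block would then use `rescue XMLParseError`. Rejected input on this endpoint is worth a log line as well, because it is the only trace that a client sent ill-formed markup through `\begin{svg}`; no logger is visible in the hunk, so that depends on what the app already provides. The outer `begin` and the enclosing `self.response` start and end outside the hunk.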