Ensure that itex endpoint returns well-formed XML

Since itex's \begin{svg}...\end{svg} syntax allows
the client to pass arbitrary junk through the document,
we need to check that the result is well-formed.

Use a pluggable XML parser: nokogiri, if installed,
REXML otherwise.
This commit is contained in:
Jacques Distler 2010-03-01 12:27:04 -06:00
parent 7b22daa784
commit a6bceb2a8e

View file

@ -14,6 +14,19 @@ class Itex
private private
# plugable XML parser; falls back to REXML
begin
require 'nokogiri'
def self.xmlparse(text)
Nokogiri::XML(text) { |config| config.options = Nokogiri::XML::ParseOptions::STRICT }
end
rescue LoadError
require 'rexml/document'
def self.xmlparse(text)
REXML::Document.new(text)
end
end
def self.response(env) def self.response(env)
@params = Rack::Request.new(env).params @params = Rack::Request.new(env).params
tex = (@params['tex'] || '').purify tex = (@params['tex'] || '').purify
@ -30,7 +43,14 @@ class Itex
begin begin
require 'itextomml' require 'itextomml'
@itex2mml_parser ||= Itex2MML::Parser.new @itex2mml_parser ||= Itex2MML::Parser.new
@itex2mml_parser.send(filter, tex).to_utf8 doc = @itex2mml_parser.send(filter, tex).to_utf8
# make sure the result is well-formed, before sending it off
begin
xmlparse(doc)
rescue
return estart +"Ill-formed XML." + eend
end
return doc
rescue LoadError rescue LoadError
estart + "Please install the itex2MML Ruby bindings." + eend estart + "Please install the itex2MML Ruby bindings." + eend
rescue Itex2MML::Error => e rescue Itex2MML::Error => e