Configure size limits for XML

cloudflare · Sep 5, 2023 · 4d41498 · 4d41498
1 parent 8d48b60
commit 4d41498
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,23 +1,23 @@
 [package]
 name = "svg-hush"
 authors = ["Cloudflare <https://cloudflare.com>"]
-version = "0.9.4"
+version = "0.9.5"
 edition = "2021"
 description = "Strip scripting and other abusable features from SVG files"
 categories = ["multimedia::images"]
 keywords = ["xss", "sanitizer", "purify", "filter", "security"]
 license = "Apache-2.0 OR MIT"
 exclude = ["tests/"]
 repository = "https://github.com/cloudflare/svg-hush"
-rust-version = "1.57"
+rust-version = "1.58"
 
 [dependencies]
 once_cell = "1.15.0"
 data-url = "0.3.0"
 base64 = "0.13.0"
 quick-error = "2.0.1"
 url = "2.3.1"
-xml-rs = "0.8.16"
+xml-rs = "0.8.17"
 
 [package.metadata.release]
 tag-name = "{{version}}"

diff --git a/src/lib.rs b/src/lib.rs
@@ -221,7 +221,11 @@ impl Filter {
             .cdata_to_characters(true)
             .ignore_comments(true)
             .coalesce_characters(false)
-            .allow_multiple_root_elements(false);
+            .allow_multiple_root_elements(false)
+            .max_attributes(200)
+            .max_entity_expansion_depth(3)
+            .max_data_length(1<<28)
+            .max_name_length(1000);
         if let Some(ct) = &self.content_type {
             config = config.content_type(&ct);
         }