Upgrade expat to R_2_4_1
Test: make
Change-Id: I4a5decaf80b7aa290b5539c67c93c5f44720cd04
diff --git a/doc/reference.html b/doc/reference.html
index 1e4780e..309cb24 100644
--- a/doc/reference.html
+++ b/doc/reference.html
@@ -3,26 +3,54 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
-<!-- Copyright 1999,2000 Clark Cooper <coopercc@netheaven.com>
- All rights reserved.
- This is free software. You may distribute or modify according to
- the terms of the MIT/X License -->
+<!--
+ __ __ _
+ ___\ \/ /_ __ __ _| |_
+ / _ \\ /| '_ \ / _` | __|
+ | __// \| |_) | (_| | |_
+ \___/_/\_\ .__/ \__,_|\__|
+ |_| XML parser
+
+ Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
+ Copyright (c) 2000-2004 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
+ Copyright (c) 2002-2012 Karl Waclawek <karl@waclawek.net>
+ Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org>
+ Copyright (c) 2017 Jakub Wilk <jwilk@jwilk.net>
+ Copyright (c) 2021 Tomas Korbar <tkorbar@redhat.com>
+ Licensed under the MIT license:
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to permit
+ persons to whom the Software is furnished to do so, subject to the
+ following conditions:
+
+ The above copyright notice and this permission notice shall be included
+ in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+ OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+ USE OR OTHER DEALINGS IN THE SOFTWARE.
+-->
<title>Expat XML Parser</title>
<meta name="author" content="Clark Cooper, coopercc@netheaven.com" />
<meta http-equiv="Content-Style-Type" content="text/css" />
+ <link href="ok.min.css" rel="stylesheet" type="text/css" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
- <table cellspacing="0" cellpadding="0" width="100%">
- <tr>
- <td class="corner"><img src="expat.png" alt="(Expat logo)" /></td>
- <td class="banner"><h1>The Expat XML Parser</h1></td>
- </tr>
- <tr>
- <td class="releaseno">Release 2.0.1</td>
- <td></td>
- </tr>
- </table>
+ <div>
+ <h1>
+ The Expat XML Parser
+ <small>Release 2.4.1</small>
+ </h1>
+ </div>
<div class="content">
<p>Expat is a library, written in C, for parsing XML documents. It's
@@ -120,6 +148,13 @@
<li><a href="#XML_GetInputContext">XML_GetInputContext</a></li>
</ul>
</li>
+ <li>
+ <a href="#billion-laughs">Billion Laughs Attack Protection</a>
+ <ul>
+ <li><a href="#XML_SetBillionLaughsAttackProtectionMaximumAmplification">XML_SetBillionLaughsAttackProtectionMaximumAmplification</a></li>
+ <li><a href="#XML_SetBillionLaughsAttackProtectionActivationThreshold">XML_SetBillionLaughsAttackProtectionActivationThreshold</a></li>
+ </ul>
+ </li>
<li><a href="#miscellaneous">Miscellaneous Functions</a>
<ul>
<li><a href="#XML_SetUserData">XML_SetUserData</a></li>
@@ -900,7 +935,8 @@
<h3><a name="creation">Parser Creation</a></h3>
-<pre class="fcndec" id="XML_ParserCreate">
+<h4 id="XML_ParserCreate">XML_ParserCreate</h4>
+<pre class="fcndec">
XML_Parser XMLCALL
XML_ParserCreate(const XML_Char *encoding);
</pre>
@@ -917,7 +953,8 @@
Any other value will invoke a call to the UnknownEncodingHandler.
</div>
-<pre class="fcndec" id="XML_ParserCreateNS">
+<h4 id="XML_ParserCreateNS">XML_ParserCreateNS</h4>
+<pre class="fcndec">
XML_Parser XMLCALL
XML_ParserCreateNS(const XML_Char *encoding,
XML_Char sep);
@@ -936,7 +973,8 @@
to support RDF processors. It is a programming error to use the null separator
with <a href= "#XML_SetReturnNSTriplet">namespace triplets</a>.</div>
-<pre class="fcndec" id="XML_ParserCreate_MM">
+<h4 id="XML_ParserCreate_MM">XML_ParserCreate_MM</h4>
+<pre class="fcndec">
XML_Parser XMLCALL
XML_ParserCreate_MM(const XML_Char *encoding,
const XML_Memory_Handling_Suite *ms,
@@ -958,7 +996,8 @@
the namespace URI and the local part of the name.</p>
</div>
-<pre class="fcndec" id="XML_ExternalEntityParserCreate">
+<h4 id="XML_ExternalEntityParserCreate">XML_ExternalEntityParserCreate</h4>
+<pre class="fcndec">
XML_Parser XMLCALL
XML_ExternalEntityParserCreate(XML_Parser p,
const XML_Char *context,
@@ -974,7 +1013,8 @@
differently than the parent parser).
</div>
-<pre class="fcndec" id="XML_ParserFree">
+<h4 id="XML_ParserFree">XML_ParserFree</h4>
+<pre class="fcndec">
void XMLCALL
XML_ParserFree(XML_Parser p);
</pre>
@@ -983,7 +1023,8 @@
freeing any memory associated with <a href="#userdata">user data</a>.
</div>
-<pre class="fcndec" id="XML_ParserReset">
+<h4 id="XML_ParserReset">XML_ParserReset</h4>
+<pre class="fcndec">
XML_Bool XMLCALL
XML_ParserReset(XML_Parser p,
const XML_Char *encoding);
@@ -1014,7 +1055,7 @@
<code><a href= "#XML_ExternalEntityParserCreate"
>XML_ExternalEntityParserCreate</a></code>.</p>
-<p>Note: the <code>len</code> argument passed to these functions
+<p>Note: The <code>len</code> argument passed to these functions
should be considerably less than the maximum value for an integer,
as it could create an integer overflow situation if the added
lengths of a buffer and the unprocessed portion of the previous buffer
@@ -1022,7 +1063,8 @@
will remain unprocessed if it is part of an XML token for which the
end is not part of that buffer.</p>
-<pre class="fcndec" id="XML_Parse">
+<h4 id="XML_Parse">XML_Parse</h4>
+<pre class="fcndec">
enum XML_Status XMLCALL
XML_Parse(XML_Parser p,
const char *s,
@@ -1049,7 +1091,8 @@
Otherwise it returns <code>XML_STATUS_OK</code> value.
</div>
-<pre class="fcndec" id="XML_ParseBuffer">
+<h4 id="XML_ParseBuffer">XML_ParseBuffer</h4>
+<pre class="fcndec">
enum XML_Status XMLCALL
XML_ParseBuffer(XML_Parser p,
int len,
@@ -1063,7 +1106,8 @@
copying of the input.
</div>
-<pre class="fcndec" id="XML_GetBuffer">
+<h4 id="XML_GetBuffer">XML_GetBuffer</h4>
+<pre class="fcndec">
void * XMLCALL
XML_GetBuffer(XML_Parser p,
int len);
@@ -1098,7 +1142,8 @@
</pre>
</div>
-<pre class="fcndec" id="XML_StopParser">
+<h4 id="XML_StopParser">XML_StopParser</h4>
+<pre class="fcndec">
enum XML_Status XMLCALL
XML_StopParser(XML_Parser p,
XML_Bool resumable);
@@ -1111,7 +1156,7 @@
call-back handler, except when aborting (when <code>resumable</code>
is <code>XML_FALSE</code>) an already suspended parser. Some
call-backs may still follow because they would otherwise get
-lost, including
+lost, including</p>
<ul>
<li> the end element handler for empty elements when stopped in the
start element handler,</li>
@@ -1120,7 +1165,7 @@
<li> the character data handler when stopped in the character data handler
while making multiple call-backs on a contiguous chunk of characters,</li>
</ul>
-and possibly others.</p>
+<p>and possibly others.</p>
<p>This can be called from most handlers, including DTD related
call-backs, except when parsing an external parameter entity and
@@ -1166,7 +1211,8 @@
<p>New in Expat 1.95.8.</p>
</div>
-<pre class="fcndec" id="XML_ResumeParser">
+<h4 id="XML_ResumeParser">XML_ResumeParser</h4>
+<pre class="fcndec">
enum XML_Status XMLCALL
XML_ResumeParser(XML_Parser p);
</pre>
@@ -1191,7 +1237,8 @@
<p>New in Expat 1.95.8.</p>
</div>
-<pre class="fcndec" id="XML_GetParsingStatus">
+<h4 id="XML_GetParsingStatus">XML_GetParsingStatus</h4>
+<pre class="fcndec">
void XMLCALL
XML_GetParsingStatus(XML_Parser p,
XML_ParsingStatus *status);
@@ -1240,7 +1287,8 @@
encoding of the document.</p>
<div class="handler">
-<pre class="setter" id="XML_SetStartElementHandler">
+<h4 id="XML_SetStartElementHandler">XML_SetStartElementHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetStartElementHandler(XML_Parser p,
XML_StartElementHandler start);
@@ -1261,7 +1309,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetEndElementHandler">
+<h4 id="XML_SetEndElementHandler">XML_SetEndElementHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetEndElementHandler(XML_Parser p,
XML_EndElementHandler);
@@ -1276,7 +1325,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetElementHandler">
+<h4 id="XML_SetElementHandler">XML_SetElementHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetElementHandler(XML_Parser p,
XML_StartElementHandler start,
@@ -1286,7 +1336,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetCharacterDataHandler">
+<h4 id="XML_SetCharacterDataHandler">XML_SetCharacterDataHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetCharacterDataHandler(XML_Parser p,
XML_CharacterDataHandler charhndl)
@@ -1309,7 +1360,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetProcessingInstructionHandler">
+<h4 id="XML_SetProcessingInstructionHandler">XML_SetProcessingInstructionHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetProcessingInstructionHandler(XML_Parser p,
XML_ProcessingInstructionHandler proc)
@@ -1327,7 +1379,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetCommentHandler">
+<h4 id="XML_SetCommentHandler">XML_SetCommentHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetCommentHandler(XML_Parser p,
XML_CommentHandler cmnt)
@@ -1342,7 +1395,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetStartCdataSectionHandler">
+<h4 id="XML_SetStartCdataSectionHandler">XML_SetStartCdataSectionHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetStartCdataSectionHandler(XML_Parser p,
XML_StartCdataSectionHandler start);
@@ -1355,7 +1409,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetEndCdataSectionHandler">
+<h4 id="XML_SetEndCdataSectionHandler">XML_SetEndCdataSectionHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetEndCdataSectionHandler(XML_Parser p,
XML_EndCdataSectionHandler end);
@@ -1368,7 +1423,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetCdataSectionHandler">
+<h4 id="XML_SetCdataSectionHandler">XML_SetCdataSectionHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetCdataSectionHandler(XML_Parser p,
XML_StartCdataSectionHandler start,
@@ -1378,7 +1434,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetDefaultHandler">
+<h4 id="XML_SetDefaultHandler">XML_SetDefaultHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetDefaultHandler(XML_Parser p,
XML_DefaultHandler hndl)
@@ -1409,7 +1466,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetDefaultHandlerExpand">
+<h4 id="XML_SetDefaultHandlerExpand">XML_SetDefaultHandlerExpand</h4>
+<pre class="setter">
void XMLCALL
XML_SetDefaultHandlerExpand(XML_Parser p,
XML_DefaultHandler hndl)
@@ -1429,7 +1487,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetExternalEntityRefHandler">
+<h4 id="XML_SetExternalEntityRefHandler">XML_SetExternalEntityRefHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetExternalEntityRefHandler(XML_Parser p,
XML_ExternalEntityRefHandler hndl)
@@ -1482,7 +1541,8 @@
information into global or static variables.</p>
</div>
-<pre class="fcndec" id="XML_SetExternalEntityRefHandlerArg">
+<h4 id="XML_SetExternalEntityRefHandlerArg">XML_SetExternalEntityRefHandlerArg</h4>
+<pre class="fcndec">
void XMLCALL
XML_SetExternalEntityRefHandlerArg(XML_Parser p,
void *arg)
@@ -1508,7 +1568,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetSkippedEntityHandler">
+<h4 id="XML_SetSkippedEntityHandler">XML_SetSkippedEntityHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetSkippedEntityHandler(XML_Parser p,
XML_SkippedEntityHandler handler)
@@ -1528,14 +1589,15 @@
has been called.</li>
</ol>
<p>The <code>is_parameter_entity</code> argument will be non-zero for
-a parameter entity and zero for a general entity.</p> <p>Note: skipped
+a parameter entity and zero for a general entity.</p> <p>Note: Skipped
parameter entities in declarations and skipped general entities in
attribute values cannot be reported, because the event would be out of
sync with the reporting of the declarations or attribute values</p>
</div>
<div class="handler">
-<pre class="setter" id="XML_SetUnknownEncodingHandler">
+<h4 id="XML_SetUnknownEncodingHandler">XML_SetUnknownEncodingHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetUnknownEncodingHandler(XML_Parser p,
XML_UnknownEncodingHandler enchandler,
@@ -1584,7 +1646,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetStartNamespaceDeclHandler">
+<h4 id="XML_SetStartNamespaceDeclHandler">XML_SetStartNamespaceDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetStartNamespaceDeclHandler(XML_Parser p,
XML_StartNamespaceDeclHandler start);
@@ -1602,7 +1665,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetEndNamespaceDeclHandler">
+<h4 id="XML_SetEndNamespaceDeclHandler">XML_SetEndNamespaceDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetEndNamespaceDeclHandler(XML_Parser p,
XML_EndNamespaceDeclHandler end);
@@ -1619,7 +1683,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetNamespaceDeclHandler">
+<h4 id="XML_SetNamespaceDeclHandler">XML_SetNamespaceDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetNamespaceDeclHandler(XML_Parser p,
XML_StartNamespaceDeclHandler start,
@@ -1629,7 +1694,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetXmlDeclHandler">
+<h4 id="XML_SetXmlDeclHandler">XML_SetXmlDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetXmlDeclHandler(XML_Parser p,
XML_XmlDeclHandler xmldecl);
@@ -1652,7 +1718,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetStartDoctypeDeclHandler">
+<h4 id="XML_SetStartDoctypeDeclHandler">XML_SetStartDoctypeDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetStartDoctypeDeclHandler(XML_Parser p,
XML_StartDoctypeDeclHandler start);
@@ -1672,7 +1739,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetEndDoctypeDeclHandler">
+<h4 id="XML_SetEndDoctypeDeclHandler">XML_SetEndDoctypeDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetEndDoctypeDeclHandler(XML_Parser p,
XML_EndDoctypeDeclHandler end);
@@ -1686,7 +1754,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetDoctypeDeclHandler">
+<h4 id="XML_SetDoctypeDeclHandler">XML_SetDoctypeDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetDoctypeDeclHandler(XML_Parser p,
XML_StartDoctypeDeclHandler start,
@@ -1696,7 +1765,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetElementDeclHandler">
+<h4 id="XML_SetElementDeclHandler">XML_SetElementDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetElementDeclHandler(XML_Parser p,
XML_ElementDeclHandler eldecl);
@@ -1768,7 +1838,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetAttlistDeclHandler">
+<h4 id="XML_SetAttlistDeclHandler">XML_SetAttlistDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetAttlistDeclHandler(XML_Parser p,
XML_AttlistDeclHandler attdecl);
@@ -1801,7 +1872,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetEntityDeclHandler">
+<h4 id="XML_SetEntityDeclHandler">XML_SetEntityDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetEntityDeclHandler(XML_Parser p,
XML_EntityDeclHandler handler);
@@ -1835,7 +1907,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetUnparsedEntityDeclHandler">
+<h4 id="XML_SetUnparsedEntityDeclHandler">XML_SetUnparsedEntityDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetUnparsedEntityDeclHandler(XML_Parser p,
XML_UnparsedEntityDeclHandler h)
@@ -1861,7 +1934,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetNotationDeclHandler">
+<h4 id="XML_SetNotationDeclHandler">XML_SetNotationDeclHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetNotationDeclHandler(XML_Parser p,
XML_NotationDeclHandler h)
@@ -1878,7 +1952,8 @@
</div>
<div class="handler">
-<pre class="setter" id="XML_SetNotStandaloneHandler">
+<h4 id="XML_SetNotStandaloneHandler">XML_SetNotStandaloneHandler</h4>
+<pre class="setter">
void XMLCALL
XML_SetNotStandaloneHandler(XML_Parser p,
XML_NotStandaloneHandler h)
@@ -1913,7 +1988,8 @@
DTD. In other words, they usually return bogus information when
called from within a DTD declaration handler.</p>
-<pre class="fcndec" id="XML_GetErrorCode">
+<h4 id="XML_GetErrorCode">XML_GetErrorCode</h4>
+<pre class="fcndec">
enum XML_Error XMLCALL
XML_GetErrorCode(XML_Parser p);
</pre>
@@ -1921,7 +1997,8 @@
Return what type of error has occurred.
</div>
-<pre class="fcndec" id="XML_ErrorString">
+<h4 id="XML_ErrorString">XML_ErrorString</h4>
+<pre class="fcndec">
const XML_LChar * XMLCALL
XML_ErrorString(enum XML_Error code);
</pre>
@@ -1931,7 +2008,8 @@
<code><a href= "#XML_GetErrorCode" >XML_GetErrorCode</a></code>.
</div>
-<pre class="fcndec" id="XML_GetCurrentByteIndex">
+<h4 id="XML_GetCurrentByteIndex">XML_GetCurrentByteIndex</h4>
+<pre class="fcndec">
XML_Index XMLCALL
XML_GetCurrentByteIndex(XML_Parser p);
</pre>
@@ -1942,7 +2020,8 @@
"#XML_GetCurrentColumnNumber" >XML_GetCurrentColumnNumber</a></code>.
</div>
-<pre class="fcndec" id="XML_GetCurrentLineNumber">
+<h4 id="XML_GetCurrentLineNumber">XML_GetCurrentLineNumber</h4>
+<pre class="fcndec">
XML_Size XMLCALL
XML_GetCurrentLineNumber(XML_Parser p);
</pre>
@@ -1951,7 +2030,8 @@
<code>1</code>.
</div>
-<pre class="fcndec" id="XML_GetCurrentColumnNumber">
+<h4 id="XML_GetCurrentColumnNumber">XML_GetCurrentColumnNumber</h4>
+<pre class="fcndec">
XML_Size XMLCALL
XML_GetCurrentColumnNumber(XML_Parser p);
</pre>
@@ -1960,7 +2040,8 @@
the position.
</div>
-<pre class="fcndec" id="XML_GetCurrentByteCount">
+<h4 id="XML_GetCurrentByteCount">XML_GetCurrentByteCount</h4>
+<pre class="fcndec">
int XMLCALL
XML_GetCurrentByteCount(XML_Parser p);
</pre>
@@ -1972,7 +2053,8 @@
separate start and end tags).
</div>
-<pre class="fcndec" id="XML_GetInputContext">
+<h4 id="XML_GetInputContext">XML_GetInputContext</h4>
+<pre class="fcndec">
const char * XMLCALL
XML_GetInputContext(XML_Parser p,
int *offset,
@@ -1998,12 +2080,105 @@
return NULL.</p>
</div>
+<h3><a name="billion-laughs">Billion Laughs Attack Protection</a></h3>
+
+<p>The functions in this section configure the built-in
+ protection against various forms of
+ <a href="https://en.wikipedia.org/wiki/Billion_laughs_attack">billion laughs attacks</a>.</p>
+
+<h4 id="XML_SetBillionLaughsAttackProtectionMaximumAmplification">XML_SetBillionLaughsAttackProtectionMaximumAmplification</h4>
+<pre class="fcndec">
+/* Added in Expat 2.4.0. */
+XML_Bool XMLCALL
+XML_SetBillionLaughsAttackProtectionMaximumAmplification(XML_Parser p,
+ float maximumAmplificationFactor);
+</pre>
+<div class="fcndef">
+ <p>
+ Sets the maximum tolerated amplification factor
+ for protection against
+ <a href="https://en.wikipedia.org/wiki/Billion_laughs_attack">billion laughs attacks</a>
+ (default: <code>100.0</code>)
+ of parser <code>p</code> to <code>maximumAmplificationFactor</code>, and
+ returns <code>XML_TRUE</code> upon success and <code>XML_TRUE</code> upon error.
+ </p>
+
+ The amplification factor is calculated as ..
+ <pre>
+ amplification := (direct + indirect) / direct
+ </pre>
+ .. while parsing, whereas
+ <code>direct</code> is the number of bytes read from the primary document in parsing and
+ <code>indirect</code> is the number of bytes added by expanding entities and reading of external DTD files, combined.
+
+ <p>For a call to <code>XML_SetBillionLaughsAttackProtectionMaximumAmplification</code> to succeed:</p>
+ <ul>
+ <li>parser <code>p</code> must be a non-<code>NULL</code> root parser (without any parent parsers) and</li>
+ <li><code>maximumAmplificationFactor</code> must be non-<code>NaN</code> and greater than or equal to <code>1.0</code>.</li>
+ </ul>
+
+ <p>
+ <strong>Note:</strong>
+ If you ever need to increase this value for non-attack payload,
+ please <a href="https://github.com/libexpat/libexpat/issues">file a bug report</a>.
+ </p>
+
+ <p>
+ <strong>Note:</strong>
+ Peak amplifications
+ of factor 15,000 for the entire payload and
+ of factor 30,000 in the middle of parsing
+ have been observed with small benign files in practice.
+
+ So if you do reduce the maximum allowed amplification,
+ please make sure that the activation threshold is still big enough
+ to not end up with undesired false positives (i.e. benign files being rejected).
+ </p>
+</div>
+
+<h4 id="XML_SetBillionLaughsAttackProtectionActivationThreshold">XML_SetBillionLaughsAttackProtectionActivationThreshold</h4>
+<pre class="fcndec">
+/* Added in Expat 2.4.0. */
+XML_Bool XMLCALL
+XML_SetBillionLaughsAttackProtectionActivationThreshold(XML_Parser p,
+ unsigned long long activationThresholdBytes);
+</pre>
+<div class="fcndef">
+ <p>
+ Sets number of output bytes (including amplification from entity expansion and reading DTD files)
+ needed to activate protection against
+ <a href="https://en.wikipedia.org/wiki/Billion_laughs_attack">billion laughs attacks</a>
+ (default: <code>8 MiB</code>)
+ of parser <code>p</code> to <code>activationThresholdBytes</code>, and
+ returns <code>XML_TRUE</code> upon success and <code>XML_TRUE</code> upon error.
+ </p>
+
+ <p>For a call to <code>XML_SetBillionLaughsAttackProtectionActivationThreshold</code> to succeed:</p>
+ <ul>
+ <li>parser <code>p</code> must be a non-<code>NULL</code> root parser (without any parent parsers).</li>
+ </ul>
+
+ <p>
+ <strong>Note:</strong>
+ If you ever need to increase this value for non-attack payload,
+ please <a href="https://github.com/libexpat/libexpat/issues">file a bug report</a>.
+ </p>
+
+ <p>
+ <strong>Note:</strong>
+ Activation thresholds below 4 MiB are known to break support for
+ <a href="https://en.wikipedia.org/wiki/Darwin_Information_Typing_Architecture">DITA</a> 1.3 payload
+ and are hence not recommended.
+ </p>
+</div>
+
<h3><a name="miscellaneous">Miscellaneous functions</a></h3>
<p>The functions in this section either obtain state information from
the parser or can be used to dynamically set parser options.</p>
-<pre class="fcndec" id="XML_SetUserData">
+<h4 id="XML_SetUserData">XML_SetUserData</h4>
+<pre class="fcndec">
void XMLCALL
XML_SetUserData(XML_Parser p,
void *userData);
@@ -2018,7 +2193,8 @@
memory.
</div>
-<pre class="fcndec" id="XML_GetUserData">
+<h4 id="XML_GetUserData">XML_GetUserData</h4>
+<pre class="fcndec">
void * XMLCALL
XML_GetUserData(XML_Parser p);
</pre>
@@ -2027,7 +2203,8 @@
It is actually implemented as a macro.
</div>
-<pre class="fcndec" id="XML_UseParserAsHandlerArg">
+<h4 id="XML_UseParserAsHandlerArg">XML_UseParserAsHandlerArg</h4>
+<pre class="fcndec">
void XMLCALL
XML_UseParserAsHandlerArg(XML_Parser p);
</pre>
@@ -2038,7 +2215,8 @@
>XML_GetUserData</a></code> function.
</div>
-<pre class="fcndec" id="XML_SetBase">
+<h4 id="XML_SetBase">XML_SetBase</h4>
+<pre class="fcndec">
enum XML_Status XMLCALL
XML_SetBase(XML_Parser p,
const XML_Char *base);
@@ -2050,7 +2228,8 @@
<code>XML_STATUS_OK</code>.
</div>
-<pre class="fcndec" id="XML_GetBase">
+<h4 id="XML_GetBase">XML_GetBase</h4>
+<pre class="fcndec">
const XML_Char * XMLCALL
XML_GetBase(XML_Parser p);
</pre>
@@ -2058,7 +2237,8 @@
Return the base for resolving relative URIs.
</div>
-<pre class="fcndec" id="XML_GetSpecifiedAttributeCount">
+<h4 id="XML_GetSpecifiedAttributeCount">XML_GetSpecifiedAttributeCount</h4>
+<pre class="fcndec">
int XMLCALL
XML_GetSpecifiedAttributeCount(XML_Parser p);
</pre>
@@ -2074,7 +2254,8 @@
means the current call.
</div>
-<pre class="fcndec" id="XML_GetIdAttributeIndex">
+<h4 id="XML_GetIdAttributeIndex">XML_GetIdAttributeIndex</h4>
+<pre class="fcndec">
int XMLCALL
XML_GetIdAttributeIndex(XML_Parser p);
</pre>
@@ -2086,7 +2267,8 @@
current call.
</div>
-<pre class="fcndec" id="XML_GetAttributeInfo">
+<h4 id="XML_GetAttributeInfo">XML_GetAttributeInfo</h4>
+<pre class="fcndec">
const XML_AttrInfo * XMLCALL
XML_GetAttributeInfo(XML_Parser parser);
</pre>
@@ -2107,7 +2289,8 @@
<code>XML_GetSpecifiedAttributeCount(parser) / 2</code>.
</div>
-<pre class="fcndec" id="XML_SetEncoding">
+<h4 id="XML_SetEncoding">XML_SetEncoding</h4>
+<pre class="fcndec">
enum XML_Status XMLCALL
XML_SetEncoding(XML_Parser p,
const XML_Char *encoding);
@@ -2122,7 +2305,8 @@
<code>XML_STATUS_ERROR</code> on error.
</div>
-<pre class="fcndec" id="XML_SetParamEntityParsing">
+<h4 id="XML_SetParamEntityParsing">XML_SetParamEntityParsing</h4>
+<pre class="fcndec">
int XMLCALL
XML_SetParamEntityParsing(XML_Parser p,
enum XML_ParamEntityParsing code);
@@ -2142,7 +2326,8 @@
no effect and will always return 0.
</div>
-<pre class="fcndec" id="XML_SetHashSalt">
+<h4 id="XML_SetHashSalt">XML_SetHashSalt</h4>
+<pre class="fcndec">
int XMLCALL
XML_SetHashSalt(XML_Parser p,
unsigned long hash_salt);
@@ -2153,15 +2338,16 @@
function behavior. In order to have an effect this must be called
before parsing has started. Returns 1 if successful, 0 when called
after <code>XML_Parse</code> or <code>XML_ParseBuffer</code>.
-<p><b>Note:</b>This call is optional, as the parser will auto-generate
+<p><b>Note:</b> This call is optional, as the parser will auto-generate
a new random salt value if no value has been set at the start of parsing.</p>
-<p><b>Note:</b>One should not call <code>XML_SetHashSalt</code> with a
+<p><b>Note:</b> One should not call <code>XML_SetHashSalt</code> with a
hash salt value of 0, as this value is used as sentinel value to indicate
that <code>XML_SetHashSalt</code> has <b>not</b> been called. Consequently
such a call will have no effect, even if it returns 1.</p>
</div>
-<pre class="fcndec" id="XML_UseForeignDTD">
+<h4 id="XML_UseForeignDTD">XML_UseForeignDTD</h4>
+<pre class="fcndec">
enum XML_Error XMLCALL
XML_UseForeignDTD(XML_Parser parser, XML_Bool useDTD);
</pre>
@@ -2198,7 +2384,8 @@
the external entity reference handler returns without action.</p>
</div>
-<pre class="fcndec" id="XML_SetReturnNSTriplet">
+<h4 id="XML_SetReturnNSTriplet">XML_SetReturnNSTriplet</h4>
+<pre class="fcndec">
void XMLCALL
XML_SetReturnNSTriplet(XML_Parser parser,
int do_nst);
@@ -2220,7 +2407,8 @@
separator.</p>
</div>
-<pre class="fcndec" id="XML_DefaultCurrent">
+<h4 id="XML_DefaultCurrent">XML_DefaultCurrent</h4>
+<pre class="fcndec">
void XMLCALL
XML_DefaultCurrent(XML_Parser parser);
</pre>
@@ -2234,7 +2422,8 @@
not a default handler.
</div>
-<pre class="fcndec" id="XML_ExpatVersion">
+<h4 id="XML_ExpatVersion">XML_ExpatVersion</h4>
+<pre class="fcndec">
XML_LChar * XMLCALL
XML_ExpatVersion();
</pre>
@@ -2242,7 +2431,8 @@
Return the library version as a string (e.g. <code>"expat_1.95.1"</code>).
</div>
-<pre class="fcndec" id="XML_ExpatVersionInfo">
+<h4 id="XML_ExpatVersionInfo">XML_ExpatVersionInfo</h4>
+<pre class="fcndec">
struct XML_Expat_Version XMLCALL
XML_ExpatVersionInfo();
</pre>
@@ -2266,7 +2456,8 @@
particular parts of the Expat API are available.
</div>
-<pre class="fcndec" id="XML_GetFeatureList">
+<h4 id="XML_GetFeatureList">XML_GetFeatureList</h4>
+<pre class="fcndec">
const XML_Feature * XMLCALL
XML_GetFeatureList();
</pre>
@@ -2327,7 +2518,8 @@
</dl>
</div>
-<pre class="fcndec" id="XML_FreeContentModel">
+<h4 id="XML_FreeContentModel">XML_FreeContentModel</h4>
+<pre class="fcndec">
void XMLCALL
XML_FreeContentModel(XML_Parser parser, XML_Content *model);
</pre>
@@ -2346,7 +2538,8 @@
libraries which use different C standard libraries (this can happen on
Windows, at least).</p>
-<pre class="fcndec" id="XML_MemMalloc">
+<h4 id="XML_MemMalloc">XML_MemMalloc</h4>
+<pre class="fcndec">
void * XMLCALL
XML_MemMalloc(XML_Parser parser, size_t size);
</pre>
@@ -2358,7 +2551,8 @@
>XML_MemFree</a></code>.
</div>
-<pre class="fcndec" id="XML_MemRealloc">
+<h4 id="XML_MemRealloc">XML_MemRealloc</h4>
+<pre class="fcndec">
void * XMLCALL
XML_MemRealloc(XML_Parser parser, void *ptr, size_t size);
</pre>
@@ -2377,7 +2571,8 @@
>XML_MemFree</a></code>.
</div>
-<pre class="fcndec" id="XML_MemFree">
+<h4 id="XML_MemFree">XML_MemFree</h4>
+<pre class="fcndec">
void XMLCALL
XML_MemFree(XML_Parser parser, void *ptr);
</pre>
@@ -2388,9 +2583,12 @@
</div>
<hr />
-<p><a href="http://validator.w3.org/check/referer"><img
- src="valid-xhtml10.png" alt="Valid XHTML 1.0!"
- height="31" width="88" class="noborder" /></a></p>
+
+ <div class="footer">
+ Found a bug in the documentation?
+ <a href="https://github.com/libexpat/libexpat/issues">Please file a bug report.</a>
+ </div>
+
</div>
</body>
</html>