| commit | 5bb68d28148ddc600740e8f664bf5b841fa7b57c | |
| author | milde <milde@929543f6-e4f2-0310-98a6-ba3bd3dd1d04> | |
| Mon, 14 Sep 2020 10:26:03 +0000 (14 10:26 +0000) | ||
| committer | milde <milde@929543f6-e4f2-0310-98a6-ba3bd3dd1d04> | |
| Mon, 14 Sep 2020 10:26:03 +0000 (14 10:26 +0000) | ||
| tree | d1e827c41d28072b5bfc188486350a5d43b50de8 | treesnapshot (tar.gz zip) |
| parent | 8733227a49bd281f7d4b2d804c2b4676613fc9dc | commitdiff |
Limit length of input lines and substitution expansion.
Mitigate the danger of DoS attacs using
specially crafted rST input (cf. bug #381).
The default value of 10 000 characters should suffice for
legitimate use cases (e.g. long paragraphs in auto-wrapping editors
or extensive creative use of substitutions).
Applications processing untrusted rST might wish to lower this
limitation (together with other safety measures described in
docs/howto/security.txt).
Unsupervised processing of untrusted rST input should always
be safeguarded with limits on processing time and memory use.
git-svn-id: http://svn.code.sf.net/p/docutils/code/trunk@8565 929543f6-e4f2-0310-98a6-ba3bd3dd1d04
Mitigate the danger of DoS attacs using
specially crafted rST input (cf. bug #381).
The default value of 10 000 characters should suffice for
legitimate use cases (e.g. long paragraphs in auto-wrapping editors
or extensive creative use of substitutions).
Applications processing untrusted rST might wish to lower this
limitation (together with other safety measures described in
docs/howto/security.txt).
Unsupervised processing of untrusted rST input should always
be safeguarded with limits on processing time and memory use.
git-svn-id: http://svn.code.sf.net/p/docutils/code/trunk@8565 929543f6-e4f2-0310-98a6-ba3bd3dd1d04