问:是否有一个标志实际上阻止了所有实体的解析? LIBXML_NOENT启用所有实体引用的替换.如果您不希望扩展实体,只需省略该标志.例如$xml = '<!DOCTYPE test [<!ENTITY c "TEST">]><test>&c;</test>';$dom = new DOMDocument();$dom->loadXML($xml);echo $dom->saveXML();打印 <?xml version="1.0"?><!DOCTYPE test [<!ENTITY c "TEST">]><test>&c;</test> 似乎textContent会自行替换实体,这可能是PHP绑定的特殊之处.如果没有LIBXML_NOENT,它将导致内部和外部实体的行为不同,因为不会加载内部和外部实体.In PHP, one can pass optional arguments to various XML parsers, one of them being LIBXML_NOENT. The documentation has this to say about it:Substitute entities isn't very informative (what entities? when are they substituted?). But I think it's fair to assume that NOENT is short for NO_ENTITIES or NO_EXTERNAL_ENTITIES, so to me it seems to be a fair assumption that this flag disables the parsing of (external) entities.But that is indeed not the case:$xml = '<!DOCTYPE root [<!ENTITY c PUBLIC "bar" "/etc/passwd">]><test>&c;</test>';$dom = new DOMDocument();$dom->loadXML($xml, LIBXML_NOENT);echo $dom->textContent;The result is that the content of /etc/passwd is echoed. Without the LIBXML_NOENT argument this is not the case.For non-external entities, the flag doesn't seem to have any effect. Example: $xml = '<!DOCTYPE root [<!ENTITY c "TEST">]><test>&c;</test>';$dom = new DOMDocument();$dom->loadXML($xml);echo $dom->textContent;The result of this code is "TEST", with and without LIBXML_NOENT.The flag doesn't seem to have any effect on pre-defined entities such as &lt;.So my questions are:What exactly does the LIBXML_NOENT flag do?Why is it called LIBXML_NOENT? What is it short for, and wouldn't LIBXML_ENT or LIBXML_PARSE_EXTERNAL_ENTITIES be a better fit?Is there a flag that actually prevents the parsing of all entities? 解决方案 Q: What exactly does the LIBXML_NOENT flag do?The flag enables the substitution of XML character entity references, external or not.Q: Why is it called LIBXML_NOENT? What is it short for, and wouldn't LIBXML_ENT or LIBXML_PARSE_EXTERNAL_ENTITIES be a better fit?The name is indeed misleading. I think that NOENT simply means that the node tree of the parsed document won't contain any entity nodes, so the parser will substitute entities. Without NOENT, the parser creates DOMEntityReference nodes for entity references.Q: Is there a flag that actually prevents the parsing of all entities?LIBXML_NOENT enables the substitution of all entity references. If you don't want entities to be expanded, simply omit the flag. For example$xml = '<!DOCTYPE test [<!ENTITY c "TEST">]><test>&c;</test>';$dom = new DOMDocument();$dom->loadXML($xml);echo $dom->saveXML();prints<?xml version="1.0"?><!DOCTYPE test [<!ENTITY c "TEST">]><test>&c;</test>It seems that textContent replaces entities on its own which might be a peculiarity of the PHP bindings. Without LIBXML_NOENT, it leads to different behavior for internal and external entities because the latter won't be loaded. 这篇关于LIBXML_NOENT是做什么的(为什么不叫LIBXML_ENT)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云!
09-05 13:04
查看更多