2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
14 local tostring = tostring;
16 local ipairs = ipairs;
17 local t_insert = table.insert;
18 local t_concat = table.concat;
20 local default_log = require "util.logger".init("xmlhandlers");
22 -- COMPAT: w/LuaExpat 1.1.0
23 local lxp_supports_doctype = pcall(lxp.new, { StartDoctypeDecl = false });
25 if not lxp_supports_doctype then
26 default_log("warn", "The version of LuaExpat on your system leaves Prosody "
27 .."vulnerable to denial-of-service attacks. You should upgrade to "
28 .."LuaExpat 1.1.1 or higher as soon as possible. See "
29 .."http://prosody.im/doc/depends#luaexpat for more information.");
37 ["http://www.w3.org/XML/1998/namespace"] = "xml";
40 function init_xmlhandlers(session, stream_callbacks)
41 local ns_stack = { "" };
44 local xml_handlers = {};
45 local log = session.log or default_log;
47 local cb_streamopened = stream_callbacks.streamopened;
48 local cb_streamclosed = stream_callbacks.streamclosed;
49 local cb_error = stream_callbacks.error or function (session, e) error("XML stream error: "..tostring(e)); end;
50 local cb_handlestanza = stream_callbacks.handlestanza;
52 local stream_tag = stream_callbacks.stream_tag;
53 local stream_default_ns = stream_callbacks.default_ns;
56 function xml_handlers:StartElement(tagname, attr)
57 if stanza and #chardata > 0 then
58 -- We have some character data in the buffer
59 stanza:text(t_concat(chardata));
62 local curr_ns,name = tagname:match("^([^\1]*)\1?(.*)$");
64 curr_ns, name = "", curr_ns;
67 if curr_ns ~= stream_default_ns then
75 local ns, nm = k:match("^([^\1]*)\1?(.*)$");
79 attr[ns..":"..nm] = attr[k];
85 if not stanza then --if we are not currently inside a stanza
86 if session.notopen then
87 if tagname == stream_tag then
88 if cb_streamopened then
89 cb_streamopened(session, attr);
92 -- Garbage before stream?
93 cb_error(session, "no-stream");
97 if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then
98 cb_error(session, "invalid-top-level-element");
101 stanza = st.stanza(name, attr);
103 else -- we are inside a stanza, so add a tag
105 if curr_ns ~= stream_default_ns then
106 attr.xmlns = curr_ns;
108 stanza:tag(name, attr);
111 function xml_handlers:CharacterData(data)
113 t_insert(chardata, data);
116 function xml_handlers:EndElement(tagname)
117 local curr_ns,name = tagname:match("^([^\1]*)\1?(.*)$");
119 curr_ns, name = "", curr_ns;
121 if (not stanza) or (#stanza.last_add > 0 and name ~= stanza.last_add[#stanza.last_add].name) then
122 if tagname == stream_tag then
123 if cb_streamclosed then
124 cb_streamclosed(session);
126 elseif name == "error" then
127 cb_error(session, "stream-error", stanza);
129 cb_error(session, "parse-error", "unexpected-element-close", name);
131 stanza, chardata = nil, {};
134 if #chardata > 0 then
135 -- We have some character data in the buffer
136 stanza:text(t_concat(chardata));
140 if #stanza.last_add == 0 then
141 cb_handlestanza(session, stanza);
148 local function restricted_handler(parser)
149 cb_error(session, "parse-error", "restricted-xml", "Restricted XML, see RFC 6120 section 11.1.");
150 if not parser:stop() then
151 error("Failed to abort parsing");
155 if lxp_supports_doctype then
156 xml_handlers.StartDoctypeDecl = restricted_handler;
158 xml_handlers.Comment = restricted_handler;
159 xml_handlers.ProcessingInstruction = restricted_handler;
164 return init_xmlhandlers;
projects / prosody.git / blob