2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
14 local tostring = tostring;
15 local t_insert = table.insert;
16 local t_concat = table.concat;
18 local default_log = require "util.logger".init("xmlhandlers");
20 -- COMPAT: w/LuaExpat 1.1.0
21 local lxp_supports_doctype = pcall(lxp.new, { StartDoctypeDecl = false });
23 if not lxp_supports_doctype then
24 default_log("warn", "The version of LuaExpat on your system leaves Prosody "
25 .."vulnerable to denial-of-service attacks. You should upgrade to "
26 .."LuaExpat 1.1.1 or higher as soon as possible. See "
27 .."http://prosody.im/doc/depends#luaexpat for more information.");
35 ["http://www.w3.org/XML/1998/namespace"] = "xml";
38 local xmlns_streams = "http://etherx.jabber.org/streams";
40 local ns_separator = "\1";
41 local ns_pattern = "^([^"..ns_separator.."]*)"..ns_separator.."?(.*)$";
43 function init_xmlhandlers(session, stream_callbacks)
45 local xml_handlers = {};
46 local log = session.log or default_log;
48 local cb_streamopened = stream_callbacks.streamopened;
49 local cb_streamclosed = stream_callbacks.streamclosed;
50 local cb_error = stream_callbacks.error or function(session, e) error("XML stream error: "..tostring(e)); end;
51 local cb_handlestanza = stream_callbacks.handlestanza;
53 local stream_ns = stream_callbacks.stream_ns or xmlns_streams;
54 local stream_tag = stream_ns..ns_separator..(stream_callbacks.stream_tag or "stream");
55 local stream_error_tag = stream_ns..ns_separator..(stream_callbacks.error_tag or "error");
57 local stream_default_ns = stream_callbacks.default_ns;
60 function xml_handlers:StartElement(tagname, attr)
61 if stanza and #chardata > 0 then
62 -- We have some character data in the buffer
63 stanza:text(t_concat(chardata));
66 local curr_ns,name = tagname:match(ns_pattern);
68 curr_ns, name = "", curr_ns;
71 if curr_ns ~= stream_default_ns then
79 local ns, nm = k:match(ns_pattern);
83 attr[ns..":"..nm] = attr[k];
89 if not stanza then --if we are not currently inside a stanza
90 if session.notopen then
91 if tagname == stream_tag then
92 if cb_streamopened then
93 cb_streamopened(session, attr);
96 -- Garbage before stream?
97 cb_error(session, "no-stream");
101 if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then
102 cb_error(session, "invalid-top-level-element");
105 stanza = st.stanza(name, attr);
106 else -- we are inside a stanza, so add a tag
108 if curr_ns ~= stream_default_ns then
109 attr.xmlns = curr_ns;
111 stanza:tag(name, attr);
114 function xml_handlers:CharacterData(data)
116 t_insert(chardata, data);
119 function xml_handlers:EndElement(tagname)
121 if #chardata > 0 then
122 -- We have some character data in the buffer
123 stanza:text(t_concat(chardata));
127 if #stanza.last_add == 0 then
128 if tagname ~= stream_error_tag then
129 cb_handlestanza(session, stanza);
131 cb_error(session, "stream-error", stanza);
138 if tagname == stream_tag then
139 if cb_streamclosed then
140 cb_streamclosed(session);
143 local curr_ns,name = tagname:match(ns_pattern);
145 curr_ns, name = "", curr_ns;
147 cb_error(session, "parse-error", "unexpected-element-close", name);
149 stanza, chardata = nil, {};
153 local function restricted_handler(parser)
154 cb_error(session, "parse-error", "restricted-xml", "Restricted XML, see RFC 6120 section 11.1.");
155 if not parser:stop() then
156 error("Failed to abort parsing");
160 if lxp_supports_doctype then
161 xml_handlers.StartDoctypeDecl = restricted_handler;
163 xml_handlers.Comment = restricted_handler;
164 xml_handlers.ProcessingInstruction = restricted_handler;
169 return init_xmlhandlers;