merge revision(s) 39384:

* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit):
	  new attribute to read/write entity expansion text limit.  the default
	  limit is 10Kb.

	* lib/rexml/text.rb (REXML::Text.unnormalize): check above attribute.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@39387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

lib/rexml/text.rb

@@ -380,25 +380,35 @@ module REXML
 
     # Unescapes all possible entities
     def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
+      sum = 0
       string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
-        ref = $&
-        if ref[1] == ?#
-          if ref[2] == ?x
-            [ref[3...-1].to_i(16)].pack('U*')
-          else
-            [ref[2...-1].to_i].pack('U*')
-          end
-        elsif ref == '&'
-          '&'
-        elsif filter and filter.include?( ref[1...-1] )
-          ref
-        elsif doctype
-          doctype.entity( ref[1...-1] ) or ref
+        s = Text.expand($&, doctype, filter)
+        if sum + s.bytesize > Document.entity_expansion_text_limit
+          raise "entity expansion has grown too large"
         else
-          entity_value = DocType::DEFAULT_ENTITIES[ ref[1...-1] ]
-          entity_value ? entity_value.value : ref
+          sum += s.bytesize
         end
+        s
       }
     end
+
+    def Text.expand(ref, doctype, filter)
+      if ref[1] == ?#
+        if ref[2] == ?x
+          [ref[3...-1].to_i(16)].pack('U*')
+        else
+          [ref[2...-1].to_i].pack('U*')
+        end
+      elsif ref == '&'
+        '&'
+      elsif filter and filter.include?( ref[1...-1] )
+        ref
+      elsif doctype
+        doctype.entity( ref[1...-1] ) or ref
+      else
+        entity_value = DocType::DEFAULT_ENTITIES[ ref[1...-1] ]
+        entity_value ? entity_value.value : ref
+      end
+    end
   end
 end