aboutsummaryrefslogtreecommitdiff
path: root/src/test/regress/sql/xml.sql
diff options
context:
space:
mode:
Diffstat (limited to 'src/test/regress/sql/xml.sql')
-rw-r--r--src/test/regress/sql/xml.sql6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/test/regress/sql/xml.sql b/src/test/regress/sql/xml.sql
index 717a1e7170e..366e2798d40 100644
--- a/src/test/regress/sql/xml.sql
+++ b/src/test/regress/sql/xml.sql
@@ -211,3 +211,9 @@ SELECT xml_is_well_formed('<pg:foo xmlns:pg="http://postgresql.org/stuff">bar</p
SET xmloption TO CONTENT;
SELECT xml_is_well_formed('abc');
+
+-- External entity references should not leak filesystem information.
+SELECT XMLPARSE(DOCUMENT '<!DOCTYPE foo [<!ENTITY c SYSTEM "/etc/passwd">]><foo>&c;</foo>');
+SELECT XMLPARSE(DOCUMENT '<!DOCTYPE foo [<!ENTITY c SYSTEM "/etc/no.such.file">]><foo>&c;</foo>');
+-- This might or might not load the requested DTD, but it mustn't throw error.
+SELECT XMLPARSE(DOCUMENT '<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"><chapter>&nbsp;</chapter>');
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-19 09:46:42 +0000