/ 
XML-LibXML-1.64
/ XML::LibXML::SAX::Builder
Security Advisories (2)
CVE-2015-3451 (2015-04-23)

The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

CVE-2017-10672 (2015-04-23)

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

NAME

XML::LibXML::SAX::Builder - Building DOM trees from SAX events.

SYNOPSIS

use XML::LibXML::SAX::Builder;
my $builder = XML::LibXML::SAX::Builder->new();

my $gen = XML::Generator::DBI->new(Handler => $builder, dbh => $dbh);
$gen->execute("SELECT * FROM Users");

my $doc = $builder->result();

DESCRIPTION

This is a SAX handler that generates a DOM tree from SAX events. Usage is as above. Input is accepted from any SAX1 or SAX2 event generator.

Building DOM trees from SAX events is quite easy with XML::LibXML::SAX::Builder. The class is designed as a SAX2 final handler not as a filter!

Since SAX is strictly stream oriented, you should not expect anything to return from a generator. Instead you have to ask the builder instance directly to get the document built. XML::LibXML::SAX::Builder's result() function holds the document generated from the last SAX stream.

AUTHORS

Matt Sergeant, Christian Glahn, Petr Pajas,

VERSION

1.64

COPYRIGHT

2001-2007, AxKit.com Ltd; 2002-2006 Christian Glahn; 2006-2007 Petr Pajas, All rights reserved.