view release on metacpan or  search on metacpan

lib/Dancer/Serializer/XML.pm  view on Meta::CPAN

    # This is the promised terrible hack: claim that the LWP-talking code has
    # already been loaded, and make sure that the handler that's called when
    # we're dealing with an external entity does nothing.
    # For whichever reason, this handler is called despite XML::Parser
    # (which on my machine is the only XML::SAX backend that can handle
    # external entities) having a ParseParamEnt option which is off by default,
    # but appears to only be used deep in the XML::Parser XS guts.
    no warnings 'redefine';
    local *XML::Parser::lwp_ext_ent_handler = sub { return };
    local $INC{'XML/Parser/LWPExternEnt.pl'}
        = 'Dancer::Serializer::XML disabled loading this to patch around '
        . 'XXE vulnerabilities';
    $_xs->XMLin($xml, %options);
    use warnings 'redefine';
}

sub content_type {'text/xml'}

1;

__END__

=pod

=encoding UTF-8

=head1 NAME

Dancer::Serializer::XML - serializer for handling XML data

=head1 VERSION

version 1.3522

=head1 SYNOPSIS

=head1 DESCRIPTION

=head2 METHODS

=head2 serialize

Serialize a data structure to an XML structure.

=head2 deserialize

Deserialize an XML structure to a data structure

=head2 content_type

Return 'text/xml'

=head2 CONFIG FILE

You can set XML::Simple options for serialize and deserialize in the
config file:

   engines:
      XMLSerializer:
        serialize:
           AttrIndent: 1
        deserialize:
           ForceArray: 1

=head1 AUTHOR

Dancer Core Developers

=head1 COPYRIGHT AND LICENSE

This software is copyright (c) 2010 by Alexis Sukrieh.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

=cut