Mercurial > hg
view contrib/xml.rnc @ 30850:41e31a6f5296 stable
revset: prevent using outgoing() and remote() in hgweb session (BC)
outgoing() and remote() may stall for long due to network I/O, which seems
unsafe per definition, "whether a predicate is safe for DoS attack." But I'm
not 100% sure about this. If our concern isn't elapsed time but CPU resource,
these predicates are considered safe. Perhaps that would be up to the
web/application server configuration?
Anyway, outgoing() and remote() wouldn't be useful in hgweb, so I think
it's okay to ban them.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Fri, 20 Jan 2017 21:33:18 +0900 |
| parents | 3acfb69a4729 |
| children |
line wrap: on
line source
# RelaxNG schema for "xml" log style # Inspired by Subversion's XML log format. start = log node.type = xsd:string {minLength = "40" maxLength = "40"} log = element log { logentry+ } logentry = element logentry { logentry.attlist, branch*, tag*, hgparent*, author, date, msg, paths?, copies?, extra* } logentry.attlist = attribute revision {xsd:nonNegativeInteger} & attribute node {node.type} branch = element branch { text } tag = element tag { text } hgparent = element parent {hgparent.attlist, text} hgparent.attlist = attribute revision {xsd:integer {minInclusive = "-1"} } & attribute node {node.type} author = element author { author.attlist, text } author.attlist = attribute email {text} date = element date {xsd:dateTime} msg = element msg {msg.attlist, text} msg.attlist = attribute xml:space {"preserve"} paths = element paths { path* } path = element path { path.attlist, text } path.attlist = # Action: (A)dd, (M)odify, (R)emove attribute action {"A"|"M"|"R"} copies = element copies { copy+ } copy = element copy { copy.attlist, text } copy.attlist = attribute source {text} extra = element extra {extra.attlist, text} extra.attlist = attribute key {text}