local expat = require'expat' local pp = require'pp' local callbacks = setmetatable({}, {__index = function(t,k) return function(...) print(k,...) end end}) expat.parse({path='media/svg/zorro.svg'}, callbacks) pp(expat.treeparse{path='media/svg/zorro.svg'}) --[[Test for CVE-2013-0340 vulnerability According to http://www.openwall.com/lists/oss-security/2013/04/12/6 this is apparently not going to be fixed directly by expat, but only on an application per application level. We rather adopt a safe default inspired by apr_xml_parser, and abort parsing if entity declarations are present. Users who need entity declarations to work should override the callback. See http://svn.apache.org/viewvc/apr/apr/trunk/xml/apr_xml.c?r1=757729&r2=781403&pathrev=781403 ]]-- assert(not pcall(function() pp(expat.treeparse{string=[[ ]> &laugh30;]]}) end)) function soaptest(xmlsrc) local xmlsoap = expat.treeparse({ namespacesep = '|', string = xmlsrc}) print('tag = '..pp.format(xmlsoap .tags['http://schemas.xmlsoap.org/soap/envelope/|Envelope'] .tags['http://schemas.xmlsoap.org/soap/envelope/|Body'] .children[1] .tag)) for k,v in pairs(xmlsoap .tags['http://schemas.xmlsoap.org/soap/envelope/|Envelope'] .tags['http://schemas.xmlsoap.org/soap/envelope/|Body'] .children[1] .tags) do print(k..' = '..pp.format(v.cdata)) end print'' end --[[Both testcases below should generate the same output: tag = 'http://test.soap.service.luapower.com/|serviceA' paramB = 'SOME STUFF' paramC = '123' paramA = nil ]]-- -- Envelope generated by Python Suds 0.4.1 soaptest[[

SOME STUFF 123

]] -- Envelope generated by Apache CXF 2.7.1 soaptest[[ SOME STUFF 123 ]]