Diffstat (limited to 'README.md')
-rw-r--r-- README.md 15
1 files changed, 11 insertions, 4 deletions
diff --git a/README.md b/README.md
index fa4ba7f..07f306c 100644
--- a/README.md
+++ b/README.md
@@ -15,13 +15,13 @@ It supports reading and writing of XML documents in a streaming fashion (without
### Features
-* API based on `Iterator`s and regular `String`s without tricky lifetimes.
-
* XML spec conformance better than other pure-Rust libraries.
+* Easy to use API based on `Iterator`s and regular `String`s without tricky lifetimes.
+
* Support for UTF-16, UTF-8, ISO-8859-1, and ASCII encodings.
-* Written entirely in the safe Rust subset.
+* Written entirely in the safe Rust subset. Designed to safely handle untrusted input.
The API is heavily inspired by Java Streaming API for XML ([StAX][stax]). It contains a pull parser much like StAX event reader. It provides an iterator API, so you can leverage Rust's existing iterators library features.
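Review bot: The sentence appended to the "Written entirely in the safe Rust subset" bullet, "Designed to safely handle untrusted input", is unqualified, while the "Parsing untrusted inputs" section added later in this same patch says a panic is still possible and asks the caller to set limits through `ParserConfig` and to cap the document size with `take(max)`. Suggest qualifying the bullet or pointing it at that section, for example "Can be configured to safely handle untrusted input (see Parsing untrusted inputs)", so a reader who only skims the feature list does not skip the limits.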
@@ -53,7 +53,7 @@ xml-rs uses [Cargo](https://crates.io), so add it with `cargo add xml` or modify
```toml
[dependencies]
-xml = "0.8"
+xml = "0.8.16"
```
The package exposes a single crate called `xml`.
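Review bot: The dependency line changes from `xml = "0.8"` to `xml = "0.8.16"` with no explanation of why that patch release is the floor. If 0.8.16 is the first version that provides the `ParserConfig` limits described in the new "Parsing untrusted inputs" section, say so next to the snippet; otherwise a reader cannot tell whether the minimum is security relevant or just the current release, and the hard-coded patch number will go stale with the next release. Note that Cargo treats both strings as caret requirements, so "0.8.16" still accepts any later 0.8.x.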
@@ -129,6 +129,13 @@ small program (BTW, it is built with `cargo build` and can be run after that) wh
statistics about specified XML document. It can also be used to check for well-formedness of
XML documents - if a document is not well-formed, this program will exit with an error.
+
+## Parsing untrusted inputs
+
+The parser is written in safe Rust subset, so by Rust's guarantees the worst that it can do is to cause a panic.
+You can use `ParserConfig` to set limits on maximum lenghts of names, attributes, text, entities, etc.
+You should also set a maximum document size via `io::Read`'s [`take(max)`](https://doc.rust-lang.org/stable/std/io/trait.Read.html#method.take) method.
+
Writing XML documents
---------------------
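Review bot: In the new "Parsing untrusted inputs" section, "the worst that it can do is to cause a panic" overstates what safe Rust guarantees: memory safety does not bound memory or CPU use, which is exactly why the next two sentences ask for length limits and a `take(max)` cap. Suggest rewording to say that memory-safety bugs are ruled out, but panics and resource exhaustion are still possible unless limits are set, and that a panic is itself a denial of service for a long-running process. Also fix the typo "lenghts" to "lengths" and "written in safe Rust subset" to "written in the safe Rust subset", and consider naming the specific `ParserConfig` settings and showing a short snippet that combines them with `take(max)`, since the section currently tells the reader what to do without showing how.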