Ervin Hegedus
Ervin Hegedus
> I meant to write `SecRequestBodyXMLDepthLimit` Thanks. But why do you think that reading this keyword it sounds to you like ModSecurity does not use libXML?
> > In case of content do you think about the whole XML raw content? > > Not raw necessarily. I just think that being able to inspect values and...
> Another feature asked by many people is the possibility to parse a JSON from a custom variable (like the value of a cookie, maybe after base64-decode - yes, everybody...
> Why would you want check the second item only, knowing that I could evade your check by switching both items? I don't want to check only the second item...
> Tree based XML parser: > > ... > Stream based XML parser (SAX): These are called in libxml2 DOM parser and SAX parser. May be we should inspect the...
I made a small example which could be the base of future XML parser. The parser uses libxml2's SAX parser, the newest version (v2 - the old methods and structures...
Unfortunately there wasn't any comment, so here is my plan: * I implement extended XML processing, meaning all XML nodes can appear under the `ARGS` collection * Also the keys...
> So the syntax without index is better. In v2, json.b.array.a1 will match all keys named "a1" in the array. I can't decide if it is better or not, but...
I think [this](https://github.com/corazawaf/coraza/pull/876#issuecomment-2462004088) is a good idea, I mean add a build flag to libmodsecurity3 (mod_security2 is not affected) which changes the flag, and not in the next release but...
> Could I open a PR for it? Sure, definitely. This is the best place to discuss every modification.