doc: update ParseOptions::HUGE warning (#3142)

flavorjones · web-flow · commit f2563b79dea8 · 2024-03-07T15:47:14.000-05:00
**What problem is this PR intended to solve?**

We've long documented use of `HUGE` as a performance concern, when in
reality it's a security concern. Large untrusted documents can cause OOM
condition when the HUGE option is set.

Also: small developer change to lower verbosity of tests.
diff --git a/lib/nokogiri/xml/parse_options.rb b/lib/nokogiri/xml/parse_options.rb
@@ -140,7 +140,7 @@ class ParseOptions
 
       # Relax any hardcoded limit from the parser. Off by default.
       #
-      # ⚠ There may be a performance penalty when this option is set.
+      # ⚠ <b>It is UNSAFE to set this option</b> when parsing untrusted documents.
       HUGE        = 1 << 19
 
       # Support line numbers up to <code>long int</code> (default is a <code>short int</code>). On
diff --git a/rakelib/test.rake b/rakelib/test.rake
@@ -109,7 +109,7 @@ end
 
 def nokogiri_test_task_configuration(t)
   t.libs << "test"
-  t.verbose = true
+  # t.verbose = true # This is noisier than we need. Commenting out 2024-03-07.
   # t.options = "-v" if ENV["CI"] # I haven't needed this in a long time. Commenting out 2023-12-10.
 end
 

Original file line number	Diff line number	Diff line change
`@@ -140,7 +140,7 @@ class ParseOptions`
`140`	`140`
`141`	`141`	`# Relax any hardcoded limit from the parser. Off by default.`
`142`	`142`	`#`
`143`		`- # ⚠ There may be a performance penalty when this option is set.`
	`143`	`+ # ⚠ <b>It is UNSAFE to set this option</b> when parsing untrusted documents.`
`144`	`144`	`HUGE = 1 << 19`
`145`	`145`
`146`	`146`	`# Support line numbers up to <code>long int</code> (default is a <code>short int</code>). On`