Security Advisories (1)
CVE-2026-8829 (2026-06-04)

HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation. The read may disclose adjacent heap contents into the destination SV.
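The bug class described above, as an added C example (not HTML::Parser's XS code and not the fix shipped in 3.84): a replacement pointer that aliases the buffer being grown is snapshotted before the reallocation. `struct buf`, `aliases`, `replace_entity` and `demo` are hypothetical names, and `realloc` stands in for the buffer growth done by grow_gap().

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical growable string standing in for an SV's PV buffer. */
struct buf { char *p; size_t len, cap; };
static int buf_init(struct buf *b, const char *s) {
    b->len = strlen(s);
    b->cap = b->len + 1;
    if (!(b->p = malloc(b->cap))) return -1;
    memcpy(b->p, s, b->cap);
    return 0;
}
/* Nonzero when q points inside b's current allocation. */
static int aliases(const struct buf *b, const char *q) {
    uintptr_t lo = (uintptr_t)b->p, x = (uintptr_t)q;
    return x >= lo && x < lo + b->cap;
}
/* Replace dst[at, at+ent_len) with repl_len bytes at repl; repl may point into dst. */
static int replace_entity(struct buf *dst, size_t at, size_t ent_len,
                          const char *repl, size_t repl_len) {
    char *owned = NULL;
    if (at > dst->len || ent_len > dst->len - at) return -1;
    if (aliases(dst, repl)) {   /* snapshot before the bytes can move or be overwritten */
        if (!(owned = malloc(repl_len + 1))) return -1;
        memcpy(owned, repl, repl_len);
        repl = owned;
    }
    size_t new_len = dst->len - ent_len + repl_len;
    if (new_len + 1 > dst->cap) {
        char *np = realloc(dst->p, new_len + 1);   /* old block may be freed here */
        if (!np) { free(owned); return -1; }
        dst->p = np; dst->cap = new_len + 1;
    }
    memmove(dst->p + at + repl_len, dst->p + at + ent_len, dst->len - at - ent_len + 1);
    memcpy(dst->p + at, repl, repl_len);
    dst->len = new_len;
    free(owned);
    return 0;
}

/* Constructed input: the replacement text is the buffer's own content. */
static int demo(void) {
    struct buf b;
    if (buf_init(&b, "x&amp;y")) return -1;
    int ok = replace_entity(&b, 1, 5, b.p, b.len) == 0 && !strcmp(b.p, "xx&amp;yy");
    free(b.p);
    return ok ? 0 : 1;
}
int main(void) { return demo(); }
```

Without the snapshot, the final `memcpy` would read `repl_len` bytes through a pointer into the block that `realloc` may already have released, which is the read the advisory describes.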

Changes for version 3.74 - 2020-08-30

  • Fix the order of date and version in this change log. (Thanks, haarg)
  • Convert to Dist::Zilla
  • Build all prereqs from our cpanfile
  • Go through all test files and:
    • perltidy
    • Use strict/warnings
    • Get rid of two-arg open
    • Get rid of BAREWORD filehandles
    • Fix the eval pattern used
    • Only use -w where we catch $SIG{__WARN__}
    • Fix encoding problems
    • use utf8 where we have unicode in the source
  • Fix a typo here and there
  • perltidy all of the example apps in eg/
  • Add comments explaining the apps in eg/ (GH#13 Thanks, Salvatore Bonaccorso)
  • Print out UTF-8 encoded data where sensible in eg/

Modules

HTML parser class
Encode or decode strings with HTML entities
Filter HTML text through the parser
Parse <HEAD> section of a HTML document
Extract links from an HTML document
Alternative HTML::Parser interface
Alternative HTML::Parser interface