How to disable XML parsing in Rails 3

Question

I want to disable the automatic XML parsing of HTTP parameters. But I've found commands for Rails 2.x only, none of them works for 3.0:

config.action_controller.param_parsers.delete Mime::XML (application.rb)
ActionController::Base.param_parsers.delete Mime::XML

What is the equivalent in Rails 3.0?

Look at my answer to this question regarding the disabling of JSON parsing. Similar, but not identical. http://stackoverflow.com/questions/10212434/prevent-ruby-on-rails-3-from-parsing-json-post/10434741#10434741 — Mark Paine, May 12 '12 at 04:13

score 14 · Answer 1 · answered Jan 09 '13 at 17:15

14

According to the latest security bulletin for CVE-2013-0156 you can use this for Rails 3.0. 3.1 and 3.2

ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)

answered Jan 09 '13 at 17:15

Meier

2

You're probably going to get a lot of votes in the next few days :) – gak Jan 09 '13 at 20:58

1 Answers1