Turns out, I can use `xmllint` to clean up a lot of files… this reads the file in, in whatever charset it is, pretty-prints it out in UTF-8 to a new file, then if successful, renames the new file over the old one.
```
for f in *.xml; do xmllint --encode UTF-8 --format ${f} > ${f}.new && mv ${f}.new ${f}; done
```
Is it me or is there no way to prevent #xmllint from loading external #XML entities in an XML document? I’ve been trying to find a command-line switch to disable that entirely but to no avail. There’s the --nonet option, but it only disables remote XML entity loading and I can still include /etc/passwd in my output.
Does it mean that any program calling the xmllint utility from #libxml2 (e.g. a shell script) is vulnerable to XML external entity injection?
This little trick was worth a blog post, IMO.
https://bjimba.blogspot.com/2023/01/how-to-ask-vlc-whats-currently-playing.html
Stuart Longland (VK4MSL)
GNU/Linux.ch
Nico Rikken
x0r
🎹 Jim Russell 🎹
openSUSE Linux