doc: update ParseOptions::HUGE documentation for untrusted docs

We've long documented this as a performance concern, when in reality it's a security concern. Large untrusted documents can cause OOM condition when the HUGE option is set.
sparklemotion · Mar 7, 2024 · 0b41d83 · 0b41d83
1 parent f0cda8b
commit 0b41d83
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/nokogiri/xml/parse_options.rb b/lib/nokogiri/xml/parse_options.rb
@@ -140,7 +140,7 @@ class ParseOptions
 
       # Relax any hardcoded limit from the parser. Off by default.
       #
-      # ⚠ There may be a performance penalty when this option is set.
+      # ⚠ <b>It is UNSAFE to set this option</b> when parsing untrusted documents.
       HUGE        = 1 << 19
 
       # Support line numbers up to <code>long int</code> (default is a <code>short int</code>). On