@@ -41,7 +41,7 @@ def initialize(response, settings = nil, options = {})
4141
4242 @options = options
4343 @response = RubySaml ::XML ::Decoder . decode_message ( response , @settings &.message_max_bytesize )
44- @document = REXML :: Document . new ( @response )
44+ @document = RubySaml :: XML . safe_load_nokogiri ( @response )
4545 super ( )
4646 end
4747
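Review bot: The parser swap on the `@document = RubySaml::XML.safe_load_nokogiri(@response)` line changes what callers of `initialize` can see for a malformed or empty LogoutResponse, and nothing in this hunk documents it. The removed `REXML::Document.new` could raise a REXML parse error on broken input. The helper's body is not visible here, so confirm whether it raises (and which class) or returns an empty document. I would add a comment above the assignment such as `# Raises <error class> on malformed XML; callers must treat that as an invalid logout response`, with the placeholder filled in from the helper's actual contract. A test for the malformed-input case would confirm that validation fails closed.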
@@ -60,22 +60,17 @@ def success?
6060 # @return [String|nil] Gets the InResponseTo attribute from the Logout Response if exists.
6161 #
6262 def in_response_to
63- @in_response_to ||= begin
64- node = REXML ::XPath . first (
65- document ,
66- "/p:LogoutResponse" ,
67- { "p" => RubySaml ::XML ::NS_PROTOCOL }
68- )
69- node . nil? ? nil : node . attributes [ 'InResponseTo' ]
70- end
63+ @in_response_to ||= document . at_xpath (
64+ "/p:LogoutResponse" ,
65+ { "p" => RubySaml ::XML ::NS_PROTOCOL }
66+ ) &.[]( 'InResponseTo' )
7167 end
7268
7369 # @return [String] Gets the Issuer from the Logout Response.
7470 #
7571 def issuer
7672 @issuer ||= begin
77- node = REXML ::XPath . first (
78- document ,
73+ node = document . at_xpath (
7974 "/p:LogoutResponse/a:Issuer" ,
8075 { "p" => RubySaml ::XML ::NS_PROTOCOL , "a" => RubySaml ::XML ::NS_ASSERTION }
8176 )
@@ -86,16 +81,15 @@ def issuer
8681 # @return [String] Gets the StatusCode from a Logout Response.
8782 #
8883 def status_code
89- @status_code ||= begin
90- node = REXML :: XPath . first ( document , "/p:LogoutResponse/p:Status/p:StatusCode" , { "p" => RubySaml :: XML :: NS_PROTOCOL } )
91- node . nil? ? nil : node . attributes [ "Value" ]
92- end
84+ @status_code ||= document . at_xpath (
85+ "/p:LogoutResponse/p:Status/p:StatusCode" ,
86+ { "p" => RubySaml :: XML :: NS_PROTOCOL }
87+ ) &.[] ( 'Value' )
9388 end
9489
9590 def status_message
9691 @status_message ||= begin
97- node = REXML ::XPath . first (
98- document ,
92+ node = document . at_xpath (
9993 "/p:LogoutResponse/p:Status/p:StatusMessage" ,
10094 { "p" => RubySaml ::XML ::NS_PROTOCOL }
10195 )
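Review bot: `status_code` is still documented as `@return [String]`, but the `&.[]('Value')` chain returns nil whenever the `StatusCode` element is missing. The doc comment should read `# @return [String, nil] Value attribute of the StatusCode element, or nil when the element is absent.` `status_message` just below has no doc comment at all and deserves one. Its body continues past the end of this hunk, so its return value cannot be confirmed from here. If `success?` relies on the status code (not visible in this hunk), the comment should also state that nil must be treated as a non-success status.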