ruby
diff --git a/‎lib/rexml/attribute.rb‎
Lines changed: 6 additions & 2 deletions b/‎lib/rexml/attribute.rb‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎lib/rexml/document.rb‎
Lines changed: 2 additions & 0 deletions b/‎lib/rexml/document.rb‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎lib/rexml/entity.rb‎
Lines changed: 7 additions & 2 deletions b/‎lib/rexml/entity.rb‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎lib/rexml/text.rb‎
Lines changed: 7 additions & 3 deletions b/‎lib/rexml/text.rb‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎test/test_document.rb‎
Lines changed: 1 addition & 9 deletions b/‎test/test_document.rb‎
Lines changed: 1 addition & 9 deletions
@@ -148,8 +148,12 @@ def to_s
  # have been expanded to their values
  def value
  return @unnormalized if @unnormalized
- @unnormalized = Text::unnormalize( @normalized, doctype )
- @unnormalized
+
+ if @element&.document
+ @unnormalized = Text::unnormalize(@normalized, doctype, entity_expansion_text_limit: @element.document.entity_expansion_text_limit)
+ else
+ @unnormalized = Text::unnormalize(@normalized, doctype)
+ end
  end
 
  # The normalized value of this attribute. That is, the attribute with
 
@@ -92,6 +92,7 @@ class Document < Element
  def initialize( source = nil, context = {} )
  @entity_expansion_count = 0
  @entity_expansion_limit = Security.entity_expansion_limit
+ @entity_expansion_text_limit = Security.entity_expansion_text_limit
  super()
  @context = context
  return if source.nil?
@@ -432,6 +433,7 @@ def Document::entity_expansion_text_limit
  end
 
  attr_reader :entity_expansion_count
+ attr_accessor :entity_expansion_text_limit
 
  def record_entity_expansion
  @entity_expansion_count += 1
 
@@ -71,9 +71,14 @@ def Entity::matches? string
  # Evaluates to the unnormalized value of this entity; that is, replacing
  # &ent; entities.
  def unnormalized
- document.record_entity_expansion unless document.nil?
  return nil if @value.nil?
- @unnormalized = Text::unnormalize(@value, parent)
+
+ if document.nil?
+ @unnormalized = Text::unnormalize(@value, parent)
+ else
+ document.record_entity_expansion
+ @unnormalized = Text::unnormalize(@value, parent, entity_expansion_text_limit: document.entity_expansion_text_limit)
+ end
  end
 
  #once :unnormalized
 
@@ -268,7 +268,11 @@ def inspect
  # u = Text.new( "sean russell", false, nil, true )
  # u.value #-> "sean russell"
  def value
- @unnormalized ||= Text::unnormalize( @string, doctype )
+ if document.nil?
+ @unnormalized ||= Text::unnormalize(@string, doctype)
+ else
+ @unnormalized ||= Text::unnormalize(@string, doctype, entity_expansion_text_limit: document.entity_expansion_text_limit)
+ end
  end
 
  # Sets the contents of this text node. This expects the text to be
@@ -411,11 +415,11 @@ def Text::normalize( input, doctype=nil, entity_filter=nil )
  end
 
  # Unescapes all possible entities
- def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
+ def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil, entity_expansion_text_limit: Security.entity_expansion_text_limit )
  sum = 0
  string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
  s = Text.expand($&, doctype, filter)
- if sum + s.bytesize > Security.entity_expansion_text_limit
+ if sum + s.bytesize > entity_expansion_text_limit
  raise "entity expansion has grown too large"
  else
  sum += s.bytesize
 
@@ -31,14 +31,6 @@ def test_new
  end
 
  class EntityExpansionLimitTest < Test::Unit::TestCase
- def setup
- @default_entity_expansion_text_limit = REXML::Security.entity_expansion_text_limit
- end
-
- def teardown
- REXML::Security.entity_expansion_text_limit = @default_entity_expansion_text_limit
- end
-
  class GeneralEntityTest < self
  def test_have_value
  xml = <<XML
@@ -138,8 +130,8 @@ def test_entity_expansion_text_limit
 <member>&a;</member>
  XML
 
- REXML::Security.entity_expansion_text_limit = 90
  doc = REXML::Document.new(xml)
+ doc.entity_expansion_text_limit = 90
  assert_equal(90, doc.root.children.first.value.bytesize)
  end
  end