[docs] [issue17538] Document XML Vulnerabilties

Christian Heimes report at bugs.python.org
Mon Mar 25 13:16:49 CET 2013

Christian Heimes added the comment:

Donald: Thanks! I'm going to look at your patch later today.

Hynek: Because the preferred way is another: use patched expat and pyexpat C modules of defusedexpat. It's a fix on C level and still allows a sane amount of entity expansions. defusedxml disallows any XML document that smells even a tiny bit. This approach needs a) more reviews and b) an API to enable the limitations-


Python tracker <report at bugs.python.org>

More information about the docs mailing list