[docs] [issue17538] Document XML Vulnerabilties
report at bugs.python.org
Mon Mar 25 13:16:49 CET 2013
Christian Heimes added the comment:
Donald: Thanks! I'm going to look at your patch later today.
Hynek: Because the preferred way is another: use patched expat and pyexpat C modules of defusedexpat. It's a fix on C level and still allows a sane amount of entity expansions. defusedxml disallows any XML document that smells even a tiny bit. This approach needs a) more reviews and b) an API to enable the limitations-
Python tracker <report at bugs.python.org>
More information about the docs