[docs] [issue17538] Document XML Vulnerabilties
report at bugs.python.org
Tue Mar 26 10:45:29 CET 2013
Georg Brandl added the comment:
* I would take out the "erroneous" of "erroneous or maliciously constructed" in the disclaimers. The odds of creating one of the "bombings" by chance are slim.
* The names of attacks in the table are quite opaque if you haven't heard of them. They should be linked/explained. (Also, the csv-table construction looks quite strange; a normal reST table would be preferred.)
* I don't think the warning for SAX needs to be repeated three times.
* Not sure the reader will get the reason for having both "defusedxml" and "defusedexpat".
Python tracker <report at bugs.python.org>
More information about the docs