[docs] [issue17538] Document XML Vulnerabilities

Georg Brandl report at bugs.python.org
Tue Mar 26 10:45:29 CET 2013

Georg Brandl added the comment:

* I would take out the "erroneous" of "erroneous or maliciously constructed" in the disclaimers.  The odds of creating one of the "bombings" by chance are slim.

* The names of attacks in the table are quite opaque if you haven't heard of them.  They should be linked/explained.  (Also, the csv-table construction looks quite strange; a normal reST table would be preferred.)

* I don't think the warning for SAX needs to be repeated three times.

* Not sure the reader will get the reason for having both "defusedxml" and "defusedexpat".


Python tracker <report at bugs.python.org>
