[Python-Dev] xml.sax and xml.dom fetch DTDs by default
Christian Heimes
christian at python.org
Fri Feb 22 01:07:06 CET 2013
Am 22.02.2013 00:47, schrieb Paul Boddie:
> Perhaps related to the discussion of denial-of-service vulnerabilities is the
> matter of controlling access to remote resources. I suppose that after the
> following bug was closed, no improvements were made to the standard library:
>
> http://bugs.python.org/issue2124
>
> Do Python programs still visit the W3C site millions of times every day to
> download DTDs that they are not, by default, able to remember from their last
> visit?
Affirmative for Python 2.6 to 3.4 dev! It's all in my documentation, too.
https://pypi.python.org/pypi/defusedxml#python-xml-libraries
Christian
More information about the Python-Dev
mailing list