[issue42051] plistlib inherits XML vulnerabilities: we should document them
Serhiy Storchaka
report at bugs.python.org
Sun Oct 18 09:37:17 EDT 2020
Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:
It seems that we cannot control entity definitions and expansions. We can only limit the number of expanded entities per element (the size of self.data).
What is the reasonable default limit (taking into account that every `&lt;` and `&#12345;` is a separate entity)? How to name the limit parameter if we make it configurable? What type of exceptions should be raised?
----------
nosy: +christian.heimes
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42051>
_______________________________________
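The per-element limit discussed in this message, sketched as an added example (not code from plistlib or from the tracker): an expat parser that counts character-data callbacks between tags and raises once a limit is passed. The `limit` parameter, the `EntityLimitExceeded` type, the `count_chunks` helper and both sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat

class EntityLimitExceeded(ValueError):
    """Hypothetical exception type; the thread leaves the choice open."""

def count_chunks(xml_bytes, limit=None):
    """Return the largest number of character-data callbacks expat makes
    between two tags; raise EntityLimitExceeded once `limit` is passed."""
    parser = xml.parsers.expat.ParserCreate()
    current = 0  # chunks since the last tag (plistlib appends these to self.data)
    worst = 0

    def on_tag(*_args):
        # Start or end tag: record the finished run and begin a new one.
        nonlocal current, worst
        worst = max(worst, current)
        current = 0

    def on_text(_text):
        # expat calls this for each text run and at least once per reference.
        nonlocal current
        current += 1
        if limit is not None and current > limit:
            raise EntityLimitExceeded(f"more than {limit} text chunks in one element")

    parser.StartElementHandler = on_tag
    parser.EndElementHandler = on_tag
    parser.CharacterDataHandler = on_text
    parser.Parse(xml_bytes, True)
    return worst

# Constructed samples. Ordinary text: "a", "<", "b", U+3039, "c" arrive as 5 chunks.
BENIGN = b"<plist><string>a&lt;b&#12345;c</string></plist>"
# A declared entity referenced 8 times: 8 chunks from a very short element body.
ENTITY_HEAVY = (b'<!DOCTYPE plist [<!ENTITY e "xy">]>'
                b"<plist><string>" + b"&e;" * 8 + b"</string></plist>")

if __name__ == "__main__":
    print(count_chunks(BENIGN))
    try:
        count_chunks(ENTITY_HEAVY, limit=4)
    except EntityLimitExceeded as exc:
        print("rejected:", exc)
```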