[issue17538] Document XML Vulnerabilities
Christian Heimes
report at bugs.python.org
Mon Mar 25 13:16:49 CET 2013
Christian Heimes added the comment:
Donald: Thanks! I'm going to look at your patch later today.
Hynek: Because the preferred way is another: use patched expat and pyexpat C modules of defusedexpat. It's a fix on C level and still allows a sane amount of entity expansions. defusedxml disallows any XML document that smells even a tiny bit. This approach needs a) more reviews and b) an API to enable the limitations.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17538>
_______________________________________
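The strict, reject-on-sight policy that the message attributes to defusedxml can be sketched with the standard library's pyexpat handlers. This is an added example, not code from the message, from defusedxml or from defusedexpat; `parse_strict`, `rejected` and `ForbiddenXML` are hypothetical names and the sample documents are constructed.

```python
import xml.parsers.expat as expat


class ForbiddenXML(ValueError):
    """Raised when a document uses a construct the strict policy rejects."""


def parse_strict(data, forbid_dtd=False):
    """Parse XML bytes, refusing entity declarations and external entities.

    With forbid_dtd=True any DOCTYPE is refused as well.
    Returns the element names in document order.
    """
    names = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if forbid_dtd:
            raise ForbiddenXML(f"DTD forbidden: {name!r}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # Fires for every <!ENTITY ...>, before any expansion takes place.
        raise ForbiddenXML(f"entity declaration forbidden: {name!r}")

    def on_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity forbidden: {sysid!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    # Exceptions raised inside handlers propagate out of Parse().
    parser.Parse(data, True)
    return names


def rejected(data, **kwargs):
    """True if the strict policy refuses the document."""
    try:
        parse_strict(data, **kwargs)
    except ForbiddenXML:
        return True
    return False


# Constructed sample documents.
PLAIN = b"<root><item>ok</item></root>"
DTD_ONLY = b"<!DOCTYPE root><root/>"
WITH_ENTITY = b'<!DOCTYPE root [<!ENTITY a "text">]><root>&a;</root>'
```

Here a document with one harmless entity is refused outright, which is the trade-off the message describes: no expansion budget, only a yes-or-no decision on whether the construct appears at all.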