mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 00:48:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

bpo-17239: Disable external entities in SAX parser (GH-9217)

Browse source 
The SAX parser no longer processes general external entities by default
to increase security. Before, the parser created network connections
to fetch remote files or loaded local files from the file system for DTD
and entities.

Signed-off-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue17239
This commit is contained in:
Christian Heimes 2018-09-23 09:50:25 +02:00 committed by Miss Islington (bot)
parent 9fb051f032
commit 17b1d5d4e3
9 changed files with 120 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Doc/library/xml.dom.pulldom.rst
View file

@ -25,6 +25,20 @@ events until either processing is finished or an error condition occurs.
maliciously constructed data. If you need to parse untrusted or
unauthenticated data see :ref:`xml-vulnerabilities`.
.. versionchanged:: 3.8
The SAX parser no longer processes general external entities by default to
increase security by default. To enable processing of external entities,
pass a custom parser instance in::
from xml.dom.pulldom import parse
from xml.sax import make_parser
from xml.sax.handler import feature_external_ges
parser = make_parser()
parser.setFeature(feature_external_ges, True)
parse(filename, parser=parser)
Example::