bpo-17239: Disable external entities in SAX parser (GH-9217)

The SAX parser no longer processes general external entities by default
to increase security. Before, the parser created network connections
to fetch remote files or loaded local files from the file system for DTD
and entities.

Signed-off-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue17239
Christian Heimes 2018-09-23 09:50:25 +02:00 committed by Miss Islington (bot)
parent 9fb051f032
commit 17b1d5d4e3
9 changed files with 120 additions and 5 deletions


@ -3,6 +3,7 @@ import unittest
import xml.sax
from xml.sax.xmlreader import AttributesImpl
from xml.sax.handler import feature_external_ges
from xml.dom import pulldom
from test.support import findfile
@ -166,6 +167,12 @@ class PullDOMTestCase(unittest.TestCase):
# This should have returned 'END_ELEMENT'.
self.assertEqual(parser[-1][0], pulldom.START_DOCUMENT)
def test_external_ges_default(self):
parser = pulldom.parseString(SMALL_SAMPLE)
saxparser = parser.parser
ges = saxparser.getFeature(feature_external_ges)
self.assertEqual(ges, False)
class ThoroughTestCase(unittest.TestCase):
"""Test the hard-to-reach parts of pulldom."""
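Review bot: test_external_ges_default only asserts the value that getFeature(feature_external_ges) reports for a parser built by pulldom.parseString(SMALL_SAMPLE); it does not show that an external general entity in the input is actually left unresolved. Consider adding a case that parses a document declaring an external entity pointing at a local test file and asserts that the file's content does not appear in the events, and a matching default check for the pulldom.parse entry point, which this hunk does not exercise. assertIs(ges, False) would also be stricter than assertEqual(ges, False), since the latter passes for 0 as well.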