mirror of
https://github.com/django/django.git
synced 2025-12-23 09:19:27 +00:00
0db9ea4669
Previously, `getInnerText()` recursively used `list.extend()` on strings,
which added each character from child nodes as a separate list element.
On deeply nested XML content, this caused the overall deserialization
work to grow quadratically with input size, potentially allowing
disproportionate CPU consumption for crafted XML.
The fix separates collection of inner texts from joining them, so that
each subtree is joined only once, reducing the complexity to linear in
the size of the input. These changes also include a mitigation for a
xml.dom.minidom performance issue.
Thanks Seokchan Yoon (https://ch4n3.kr/) for report.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of
|
||
|---|---|---|
| .. | ||
| _ext | ||
| _theme | ||
| faq | ||
| howto | ||
| internals | ||
| intro | ||
| man | ||
| misc | ||
| ref | ||
| releases | ||
| topics | ||
| conf.py | ||
| contents.txt | ||
| glossary.txt | ||
| index.txt | ||
| make.bat | ||
| Makefile | ||
| README.rst | ||
| requirements.txt | ||
| spelling_wordlist | ||
The documentation in this tree is in plain text files and can be viewed using any text file viewer. It uses `ReST`_ (reStructuredText), and the `Sphinx`_ documentation system. This allows it to be built into other forms for easier viewing and browsing. To create an HTML version of the docs: * Install Sphinx (using ``python -m pip install Sphinx`` or some other method). * In this docs/ directory, type ``make html`` (or ``make.bat html`` on Windows) at a shell prompt. The documentation in ``_build/html/index.html`` can then be viewed in a web browser. .. _ReST: https://docutils.sourceforge.io/rst.html .. _Sphinx: https://www.sphinx-doc.org/