[issue24238] Avoid entity expansion attacks in Element Tree

2016-06-03 Thread Martin Panter
Martin Panter added the comment: Today I discovered that Christian’s defusedxml project already does the same sort of thing. The difference is he calls the parameter forbid_entities. So I have updated my patch and changed the name from reject_entities to forbid_entities for compatibility.

[issue24238] Avoid entity expansion attacks in Element Tree

2015-12-08 Thread Serhiy Storchaka
Changes by Serhiy Storchaka:
nosy: +serhiy.storchaka
stage: -> patch review

[issue24238] Avoid entity expansion attacks in Element Tree

2015-05-19 Thread Martin Panter
New submission from Martin Panter: This patch could be the basis of an alternative to Christian Heimes’s patch in Issue 17239. It adds a parser flag to the Element Tree modules so that they will immediately raise an exception when an entity declaration is encountered. I believe this should be