Christian Heimes added the comment: Donald: Thanks! I'm going to look at your patch later today.
Hynek: Because the preferred way is another: use patched expat and pyexpat C modules of defusedexpat. It's a fix on C level and still allows a sane amount of entity expansions. defusedxml disallows any XML document that smells even a tiny bit. This approach needs a) more reviews and b) an API to enable the limitations- ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue17538> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
