Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
cpython
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
cpython
Commits
da76aa8e
Commit
da76aa8e
authored
Mar 30, 2013
by
Gregory P. Smith
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix typos and clear up one very odd bit of wording as pointed out by
Ezio.
parent
e66e7de5
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
7 additions
and
5 deletions
+7
-5
Doc/library/xml.rst
Doc/library/xml.rst
+7
-5
No files found.
Doc/library/xml.rst
View file @
da76aa8e
...
@@ -108,20 +108,22 @@ all known attack vectors with examples and references.
...
@@ -108,20 +108,22 @@ all known attack vectors with examples and references.
defused
packages
defused
packages
----------------
----------------
These
external
packages
are
recommended
for
any
code
that
parses
untrusted
XML
data
.
`
defusedxml
`
_
is
a
pure
Python
package
with
modified
subclasses
of
all
stdlib
`
defusedxml
`
_
is
a
pure
Python
package
with
modified
subclasses
of
all
stdlib
XML
parsers
that
prevent
any
potentially
malicious
operation
.
The
courses
of
XML
parsers
that
prevent
any
potentially
malicious
operation
.
The
action
are
recommended
for
any
server
code
that
parses
untrusted
XML
data
.
The
package
also
ships
with
example
exploits
and
extended
documentation
on
more
package
also
ships
with
example
exploits
and
an
extended
documentation
on
more
XML
exploits
like
xpath
injection
.
XML
exploits
like
xpath
injection
.
`
defusedexpat
`
_
provides
a
modified
libexpat
and
patched
replacment
`
defusedexpat
`
_
provides
a
modified
libexpat
and
patched
replac
e
ment
:
mod
:`
pyexpat
`
extension
module
with
countermeasures
against
entity
expansion
:
mod
:`
pyexpat
`
extension
module
with
countermeasures
against
entity
expansion
DoS
attacks
.
Defusedexpat
still
allows
a
sane
and
configurable
amount
of
entity
DoS
attacks
.
Defusedexpat
still
allows
a
sane
and
configurable
amount
of
entity
expansions
.
The
modifications
will
be
merged
into
future
releases
of
Python
.
expansions
.
The
modifications
will
be
merged
into
future
releases
of
Python
.
The
workarounds
and
modifications
are
not
included
in
patch
releases
as
they
The
workarounds
and
modifications
are
not
included
in
patch
releases
as
they
break
backward
compatibility
.
After
all
inline
DTD
and
entity
expansion
are
break
backward
compatibility
.
After
all
inline
DTD
and
entity
expansion
are
well
-
defin
i
ed
XML
features
.
well
-
defined
XML
features
.
..
_defusedxml
:
https
://
pypi
.
python
.
org
/
pypi
/
defusedxml
/
..
_defusedxml
:
https
://
pypi
.
python
.
org
/
pypi
/
defusedxml
/
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment