Browse Source
Fix Python version since which external enities are not resolved by default. (GH-11237)
pull/11992/head
Serhiy Storchaka
7 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with
3 additions and
3 deletions
-
Doc/library/xml.dom.pulldom.rst
-
Doc/library/xml.rst
-
Doc/library/xml.sax.rst
|
|
|
@ -25,7 +25,7 @@ events until either processing is finished or an error condition occurs. |
|
|
|
maliciously constructed data. If you need to parse untrusted or |
|
|
|
unauthenticated data see :ref:`xml-vulnerabilities`. |
|
|
|
|
|
|
|
.. versionchanged:: 3.8 |
|
|
|
.. versionchanged:: 3.7.1 |
|
|
|
|
|
|
|
The SAX parser no longer processes general external entities by default to |
|
|
|
increase security by default. To enable processing of external entities, |
|
|
|
|
|
|
|
@ -75,7 +75,7 @@ decompression bomb Safe Safe Safe S |
|
|
|
2. :mod:`xml.dom.minidom` doesn't expand external entities and simply returns |
|
|
|
the unexpanded entity verbatim. |
|
|
|
3. :mod:`xmlrpclib` doesn't expand external entities and omits them. |
|
|
|
4. Since Python 3.8, external general entities are no longer processed by |
|
|
|
4. Since Python 3.7.1, external general entities are no longer processed by |
|
|
|
default. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -24,7 +24,7 @@ the SAX API. |
|
|
|
constructed data. If you need to parse untrusted or unauthenticated data see |
|
|
|
:ref:`xml-vulnerabilities`. |
|
|
|
|
|
|
|
.. versionchanged:: 3.8 |
|
|
|
.. versionchanged:: 3.7.1 |
|
|
|
|
|
|
|
The SAX parser no longer processes general external entities by default |
|
|
|
to increase security. Before, the parser created network connections |
|
|
|
|
