diff -r 6fc9103d55f0 Doc/library/xml.dom.minidom.rst
--- a/Doc/library/xml.dom.minidom.rst Sun Mar 24 14:54:25 2013 -0700
+++ b/Doc/library/xml.dom.minidom.rst Sun Mar 24 22:25:52 2013 -0400
@@ -20,6 +20,15 @@
not already proficient with the DOM should consider using the
:mod:`xml.etree.ElementTree` module for their XML processing instead
+
+.. warning::
+
+ The :mod:`xml.dom.minidom` module is not secure against erroneous or
+ maliciously constructed data. If you need to parse untrusted or
+ unauthenticated data see
+ `defusedxml `_.
+
+
DOM applications typically start by parsing some XML into a DOM. With
:mod:`xml.dom.minidom`, this is done through the parse functions::
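Review bot: the added warning says the module is "not secure against erroneous or maliciously constructed data" but never says what goes wrong, so a reader cannot tell whether their input is affected. Name the kinds of failure the warning covers, or link to one place that describes them, rather than only pointing at defusedxml. The context line just above also recommends :mod:`xml.etree.ElementTree` as the alternative, and this patch puts the same warning on that module, so the text should make clear that switching modules does not address the problem.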
diff -r 6fc9103d55f0 Doc/library/xml.dom.pulldom.rst
--- a/Doc/library/xml.dom.pulldom.rst Sun Mar 24 14:54:25 2013 -0700
+++ b/Doc/library/xml.dom.pulldom.rst Sun Mar 24 22:25:52 2013 -0400
@@ -16,6 +16,14 @@
Object Model representation of a document from SAX events.
+.. warning::
+
+ The :mod:`xml.dom.pulldom` module is not secure against erroneous or
+ maliciously constructed data. If you need to parse untrusted or
+ unauthenticated data see
+ `defusedxml `_.
+
+
.. class:: PullDOM([documentFactory])
:class:`xml.sax.handler.ContentHandler` implementation that ...
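Review bot: in the last line of the warning, `defusedxml `_ carries no link target inside the backquotes, and no explicit target definition for that name appears in the hunk, so as written the reference has nothing to resolve to. Add the target inline or define it explicitly, and check the same line in the other warnings this patch adds.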
diff -r 6fc9103d55f0 Doc/library/xml.etree.elementtree.rst
--- a/Doc/library/xml.etree.elementtree.rst Sun Mar 24 14:54:25 2013 -0700
+++ b/Doc/library/xml.etree.elementtree.rst Sun Mar 24 22:25:52 2013 -0400
@@ -16,6 +16,15 @@
hierarchical data structures in memory. The type can be described as a cross
between a list and a dictionary.
+
+.. warning::
+
+ The :mod:`xml.etree.ElementTree` module is not secure against erroneous or
+ maliciously constructed data. If you need to parse untrusted or
+ unauthenticated data see
+ `defusedxml `_.
+
+
Each element has a number of properties associated with it:
* a tag which is a string identifying what kind of data this element represents
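Review bot: the warning is placed between the description of the element type ("a cross between a list and a dictionary.") and the sentence that continues it ("Each element has a number of properties associated with it:"), which splits one explanation in two. Move the directive above the description, next to the module introduction, so the property list still follows the paragraph it belongs to.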
diff -r 6fc9103d55f0 Doc/library/xml.sax.handler.rst
--- a/Doc/library/xml.sax.handler.rst Sun Mar 24 14:54:25 2013 -0700
+++ b/Doc/library/xml.sax.handler.rst Sun Mar 24 22:25:52 2013 -0400
@@ -18,6 +18,14 @@
:mod:`xml.sax.handler`, so that all methods get default implementations.
+.. warning::
+
+ The :mod:`xml.sax.handler` module is not secure against erroneous or
+ maliciously constructed data. If you need to parse untrusted or
+ unauthenticated data see
+ `defusedxml `_.
+
+
.. class:: ContentHandler
This is the main callback interface in SAX, and the one most important to
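Review bot: the warning tells readers what to do if they "need to parse" untrusted data, but the surrounding context describes this module as handler base classes and callback interfaces, not something the reader parses with. Reword it so it is clear the exposure comes from the parser that feeds these handlers, or refer to the warning on :mod:`xml.sax` instead of repeating the sentence here.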
diff -r 6fc9103d55f0 Doc/library/xml.sax.reader.rst
--- a/Doc/library/xml.sax.reader.rst Sun Mar 24 14:54:25 2013 -0700
+++ b/Doc/library/xml.sax.reader.rst Sun Mar 24 22:25:52 2013 -0400
@@ -16,6 +16,14 @@
a new parser object.
+.. warning::
+
+ The :mod:`xml.sax.xmlreader` module is not secure against erroneous or
+ maliciously constructed data. If you need to parse untrusted or
+ unauthenticated data see
+ `defusedxml `_.
+
+
.. class:: XMLReader()
Base class which can be inherited by SAX parsers.
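Review bot: "If you need to parse untrusted or unauthenticated data see" in the warning needs a comma before "see". The same sentence is repeated in every warning this patch adds, so fix it in all of them.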
diff -r 6fc9103d55f0 Doc/library/xml.sax.rst
--- a/Doc/library/xml.sax.rst Sun Mar 24 14:54:25 2013 -0700
+++ b/Doc/library/xml.sax.rst Sun Mar 24 22:25:52 2013 -0400
@@ -16,6 +16,14 @@
SAX exceptions and the convenience functions which will be most used by users of
the SAX API.
+
+.. warning::
+
+ The :mod:`xml.sax` module is not secure against erroneous or maliciously
+ constructed data. If you need to parse untrusted or unauthenticated data see
+ `defusedxml `_.
+
+
The convenience functions are:
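Review bot: the warning lands between the paragraph that introduces "the convenience functions" and the line "The convenience functions are:" that starts their list, so the rendered page interrupts the introduction with an admonition. Place the directive before that introductory paragraph so the list follows its lead-in directly.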
diff -r 6fc9103d55f0 Doc/library/xmlrpclib.rst
--- a/Doc/library/xmlrpclib.rst Sun Mar 24 14:54:25 2013 -0700
+++ b/Doc/library/xmlrpclib.rst Sun Mar 24 22:25:52 2013 -0400
@@ -28,6 +28,13 @@
between conformable Python objects and XML on the wire.
+.. warning::
+
+ The :mod:`xmlrpclib` module is not secure against erroneous or maliciously
+ constructed data. If you need to parse untrusted or unauthenticated data see
+ `defusedxml `_.
+
+
.. class:: ServerProxy(uri[, transport[, encoding[, verbose[, allow_none[, use_datetime]]]]])
A :class:`ServerProxy` instance is an object that manages communication with a
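Review bot: "If you need to parse untrusted or unauthenticated data" does not match how this module is used, since the context shows a :class:`ServerProxy` that manages communication with a remote server and the user never calls a parser directly. State where the untrusted data comes from for this module, so that a reader using :class:`ServerProxy` recognises when the warning applies.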