Issue 18789: XML Vunerability Table Unclear

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/62989

classification

Title:	XML Vunerability Table Unclear
Type:	enhancement	Stage:	resolved
Components:	Documentation, XML	Versions:	Python 3.7, Python 3.6, Python 3.5, Python 2.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:	docs@python	Nosy List:	Mariatta, christian.heimes, docs@python, gvanrossum, joe-tennies, python-dev, rhettinger
Priority:	normal	Keywords:	easy, patch

Created on 2013-08-20 14:22 by joe-tennies, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
issue18789.patch	Mariatta, 2016-10-07 04:48		review

Messages (8)
msg195691 - (view)	Author: Joe Tennies (joe-tennies)	Date: 2013-08-20 14:22
EASY This is an issue with the 2.x and 3.x documentation. http://docs.python.org/3.2/library/xml.html#xml-vulnerabilities http://docs.python.org/dev/library/xml.html#xml-vulnerabilities http://docs.python.org/2/library/xml.html#xml-vulnerabilities This section has a table with a bunch of Trues and Falses. This is a bit confusing, especially for something that is trying to describe security concerns. After looking at the table, I'm pretty sure that True means vunerable (only due to the (1), (2), & (3) comments), but it's not clear. All that is needed is a heading stating "Vunerable", or change the "True" to "Vunerable" and "False" to "Not Vunerable" (probably V and NV w/ a legend).
msg242806 - (view)	Author: Mark Lawrence (BreamoreBoy) *	Date: 2015-05-09 11:02
@Joe The latest documentation has an additional sentence above the table "The following table gives an overview of the known attacks and whether the various modules are vulnerable to them." and the table has been changed to say Yes or No. Is this okay with you?
msg242883 - (view)	Author: Raymond Hettinger (rhettinger) *	Date: 2015-05-11 04:08
The table would still be more clear with "safe" and "vulnerable" entries.
msg278207 - (view)	Author: Mariatta (Mariatta) *	Date: 2016-10-06 19:36
I'll work on this :)
msg278230 - (view)	Author: Mariatta (Mariatta) *	Date: 2016-10-07 04:48
Hi, here is the patch. I followed Raymond's suggestion to use 'vulnerable' or 'safe' instead of the original 'True' or 'False'. Please check it out. Thanks :)
msg278620 - (view)	Author: Roundup Robot (python-dev)	Date: 2016-10-13 21:33
New changeset e05c546062a1 by Guido van Rossum in branch '3.5': Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. https://hg.python.org/cpython/rev/e05c546062a1 New changeset beed43d7dc46 by Guido van Rossum in branch '3.6': Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. (3.5->3.6) https://hg.python.org/cpython/rev/beed43d7dc46 New changeset 9513fac97ddd by Guido van Rossum in branch 'default': Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. (3.6->3.7) https://hg.python.org/cpython/rev/9513fac97ddd
msg278621 - (view)	Author: Guido van Rossum (gvanrossum) *	Date: 2016-10-13 21:33
Thanks again!
msg278622 - (view)	Author: Roundup Robot (python-dev)	Date: 2016-10-13 21:35
New changeset 760403522d6b by Guido van Rossum in branch '2.7': Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. (backport to 2.7) https://hg.python.org/cpython/rev/760403522d6b

History
Date	User	Action	Args
2022-04-11 14:57:49	admin	set	github: 62989
2016-10-13 21:35:36	python-dev	set	messages: + msg278622
2016-10-13 21:33:31	gvanrossum	set	status: open -> closed nosy: + gvanrossum messages: + msg278621 resolution: fixed stage: resolved
2016-10-13 21:33:03	python-dev	set	nosy: + python-dev messages: + msg278620
2016-10-07 04:48:39	Mariatta	set	files: + issue18789.patch keywords: + patch messages: + msg278230
2016-10-06 19:36:18	Mariatta	set	messages: + msg278207
2016-10-06 19:34:45	Mariatta	set	nosy: + Mariatta
2016-09-24 19:27:00	BreamoreBoy	set	nosy: - BreamoreBoy
2016-09-24 19:12:21	christian.heimes	set	keywords: + easy type: security -> enhancement versions: + Python 3.5, Python 3.6, Python 3.7, - Python 3.3, Python 3.4
2015-05-11 04:08:31	rhettinger	set	nosy: + rhettinger messages: + msg242883
2015-05-09 11:02:33	BreamoreBoy	set	nosy: + BreamoreBoy messages: + msg242806
2013-08-20 14:37:58	serhiy.storchaka	set	components: + XML versions: - Python 3.2, Python 3.5
2013-08-20 14:23:55	christian.heimes	set	nosy: + christian.heimes
2013-08-20 14:22:54	joe-tennies	create