This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: xml.sax parser validation sometimes fails when obtaining DTDs from https sites
Type: security Stage:
Components: XML Versions: Python 2.7
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: failys, mcepl
Priority: normal Keywords:

Created on 2017-11-25 11:05 by failys, last changed 2022-04-11 14:58 by admin.

Messages (1)
msg306952 - (view) Author: Shamal Faily (failys) Date: 2017-11-25 11:05
If an XML document is externally validated against a DTD from a https site then, depending on the security posture of the hosting site, validation might fail.  This seems to be due to the lack of user agent information received by the host when the request for the DTD is sent.

Relaxing the security rules on the host does get around this problem, but this might not always be a solution for some.

I've observed with this issue with xml.sax.  I don't know how general this problem is in other XML handling components of Python2 or Python 3.
Date User Action Args
2022-04-11 14:58:54adminsetgithub: 76311
2018-03-05 00:31:31mceplsetnosy: + mcepl
2017-11-25 11:06:40failyssettype: security
2017-11-25 11:05:53failyscreate