This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author scoder
Recipients eli.bendersky, maker, r.david.murray, scoder, serhiy.storchaka
Date 2013-08-27.14:26:31
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1377613591.73.0.981493978188.issue18850@psf.upfronthosting.co.za>
In-reply-to
Content
Michele, could you elaborate how you would exploit this issue as a security risk?

I mean, I can easily create a (non-)XML-document with control characters manually, and the parser would reject it.

What part of the create-to-serialise process exactly is a problem here?
History
Date User Action Args
2013-08-27 14:26:31scodersetrecipients: + scoder, r.david.murray, eli.bendersky, maker, serhiy.storchaka
2013-08-27 14:26:31scodersetmessageid: <1377613591.73.0.981493978188.issue18850@psf.upfronthosting.co.za>
2013-08-27 14:26:31scoderlinkissue18850 messages
2013-08-27 14:26:31scodercreate