This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author scoder
Recipients eli.bendersky, maker, r.david.murray, scoder, serhiy.storchaka
Date 2013-08-27.14:26:31
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Michele, could you elaborate how you would exploit this issue as a security risk?

I mean, I can easily create a (non-)XML-document with control characters manually, and the parser would reject it.

What part of the create-to-serialise process exactly is a problem here?
Date User Action Args
2013-08-27 14:26:31scodersetrecipients: + scoder, r.david.murray, eli.bendersky, maker, serhiy.storchaka
2013-08-27 14:26:31scodersetmessageid: <>
2013-08-27 14:26:31scoderlinkissue18850 messages
2013-08-27 14:26:31scodercreate