Message 378707 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	vstinner
Date	2020-10-16.08:32:09
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1602837130.12.0.103266772697.issue42051@roundup.psfhosted.org>
In-reply-to

Content
The XML documentation starts with a red warning: "Warning: The XML modules are not secure against erroneous or maliciously constructed data. If you need to parse untrusted or unauthenticated data see the XML vulnerabilities and The defusedxml Package sections. " https://docs.python.org/dev/library/xml.html I suggest to add the same warning to the plistlib library which uses the XML parser internally to handle XML files.

The XML documentation starts with a red warning:

"Warning: The XML modules are not secure against erroneous or maliciously constructed data. If you need to parse untrusted or unauthenticated data see the XML vulnerabilities and The defusedxml Package sections. "
https://docs.python.org/dev/library/xml.html

I suggest to add the same warning to the plistlib library which uses the XML parser internally to handle XML files.

History
Date	User	Action	Args
2020-10-16 08:32:10	vstinner	set	recipients: + vstinner
2020-10-16 08:32:10	vstinner	set	messageid: <1602837130.12.0.103266772697.issue42051@roundup.psfhosted.org>
2020-10-16 08:32:10	vstinner	link	issue42051 messages
2020-10-16 08:32:09	vstinner	create