diff options
author | Christian Heimes <christian@cheimes.de> | 2013-03-26 17:53:05 +0100 |
---|---|---|
committer | Christian Heimes <christian@cheimes.de> | 2013-03-26 17:53:05 +0100 |
commit | 23790b4be0b6d5af4f79c23fd99e03a1499a1bb5 (patch) | |
tree | 69827d9b0b1d8f03541fa943517a8eb13d1b0d09 /Doc/library/xml.dom.minidom.rst | |
parent | 4b394db41f7d5347e4a4083305bfcda562bc38f8 (diff) | |
download | cpython-git-23790b4be0b6d5af4f79c23fd99e03a1499a1bb5.tar.gz |
Issue 17538: Document XML vulnerabilties
Diffstat (limited to 'Doc/library/xml.dom.minidom.rst')
-rw-r--r-- | Doc/library/xml.dom.minidom.rst | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Doc/library/xml.dom.minidom.rst b/Doc/library/xml.dom.minidom.rst index bcc2ec6686..70f0c03076 100644 --- a/Doc/library/xml.dom.minidom.rst +++ b/Doc/library/xml.dom.minidom.rst @@ -20,6 +20,14 @@ to be simpler than the full DOM and also significantly smaller. Users who are not already proficient with the DOM should consider using the :mod:`xml.etree.ElementTree` module for their XML processing instead + +.. warning:: + + The :mod:`xml.dom.minidom` module is not secure against + maliciously constructed data. If you need to parse untrusted or + unauthenticated data see :ref:`xml-vulnerabilities`. + + DOM applications typically start by parsing some XML into a DOM. With :mod:`xml.dom.minidom`, this is done through the parse functions:: |