authorJon Dufresne <jon.dufresne@gmail.com>2018-04-04 21:39:54 -0700
committerChristian Heimes <christian@python.org>2019-04-14 11:43:38 +0200
commita320fbc6cd9c27fbeed98e358814c112d22815ed (patch)
tree3ee188bdfc49242e412ca7193c7f8d16bcd9b0d3
parentf2c7c35b25f80c08923be49ac1f81e9cf95bd2ae (diff)
downloaddefusedxml-git-a320fbc6cd9c27fbeed98e358814c112d22815ed.tar.gz
Use https:// URLs where available
-rw-r--r--README.md26
-rw-r--r--README.txt18
-rw-r--r--defusedxml/ElementTree.py2
-rw-r--r--defusedxml/__init__.py2
-rw-r--r--defusedxml/cElementTree.py2
-rw-r--r--defusedxml/common.py2
-rw-r--r--defusedxml/expatbuilder.py2
-rw-r--r--defusedxml/expatreader.py2
-rw-r--r--defusedxml/lxml.py2
-rw-r--r--defusedxml/minidom.py2
-rw-r--r--defusedxml/pulldom.py2
-rw-r--r--defusedxml/sax.py2
-rw-r--r--defusedxml/xmlrpc.py2
13 files changed, 33 insertions, 33 deletions
diff --git a/README.md b/README.md
index ed815e4..10f966f 100644
--- a/README.md
+++ b/README.md
@@ -38,7 +38,7 @@ Attack vectors
### billion laughs / exponential entity expansion
-The [Billion Laughs](http://en.wikipedia.org/wiki/Billion_laughs) attack
+The [Billion Laughs](https://en.wikipedia.org/wiki/Billion_laughs) attack
-- also known as exponential entity expansion --uses multiple levels of
nested entities. The original example uses 9 levels of 10 expansions in
each level to expand the string `lol` to a string of 3 \* 10 ^9^ bytes,
@@ -64,7 +64,7 @@ Example XML:
### quadratic blowup entity expansion
A quadratic blowup attack is similar to a [Billion
-Laughs](http://en.wikipedia.org/wiki/Billion_laughs) attack; it abuses
+Laughs](https://en.wikipedia.org/wiki/Billion_laughs) attack; it abuses
entity expansion, too. Instead of nested entities it repeats one large
entity with a couple of thousand chars over and over again. The attack
isn't as efficient as the exponential case but it avoids triggering
@@ -450,7 +450,7 @@ I haven't researched yet if expat, pyexpat or libxml2 are vulnerable.
### decompression bomb
The issue of decompression bombs (aka [ZIP
-bomb](http://en.wikipedia.org/wiki/Zip_bomb)) apply to all XML libraries
+bomb](https://en.wikipedia.org/wiki/Zip_bomb)) apply to all XML libraries
that can parse compressed XML stream like gzipped HTTP streams or
LZMA-ed files. For an attacker it can reduce the amount of transmitted
data by three magnitudes or more. Gzip is able to compress 1 GiB zeros
@@ -464,7 +464,7 @@ to roughly 1 MB, lzma is even better:
None of Python's standard XML libraries decompress streams except for
`xmlrpclib`. The module is vulnerable
-&lt;<http://bugs.python.org/issue16043>&gt; to decompression bombs.
+&lt;<https://bugs.python.org/issue16043>&gt; to decompression bombs.
lxml can load and process compressed data through libxml2 transparently.
libxml2 can handle even very large blobs of compressed data efficiently
@@ -484,7 +484,7 @@ with network or local file access apply to processing instructions, too.
### Other DTD features
-[DTD](http://en.wikipedia.org/wiki/Document_Type_Definition) has more
+[DTD](https://en.wikipedia.org/wiki/Document_Type_Definition) has more
features like `<!NOTATION>`. I haven't researched how these features may
be a security threat.
@@ -516,7 +516,7 @@ use its xpath() method correctly:
### XInclude
-[XML Inclusion](http://www.w3.org/TR/xinclude/#include_element) is
+[XML Inclusion](https://www.w3.org/TR/xinclude/#include_element) is
another way to load and include external files:
<root xmlns:xi="http://www.w3.org/2001/XInclude">
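Review bot: Correct that the context line `<root xmlns:xi="http://www.w3.org/2001/XInclude">` is left alone in this hunk while the W3C link above it moves to https. A namespace URI is an identifier compared byte-for-byte by XML parsers, not a fetched address, so rewriting it to https would silently break the XInclude example; it would be worth a short note in the commit message so a later "fix remaining http URLs" pass does not touch it.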
@@ -613,7 +613,7 @@ disables network access but still allows local file access.
### C\# / .NET / Mono
Information in [XML DoS and Defenses
-(MSDN)](http://msdn.microsoft.com/en-us/magazine/ee335713.aspx) suggest
+(MSDN)](https://msdn.microsoft.com/en-us/magazine/ee335713.aspx) suggest
that .NET is vulnerable with its default settings. The article contains
code snippets how to create a secure XML reader:
@@ -626,7 +626,7 @@ code snippets how to create a secure XML reader:
### Java
Untested. The documentation of Xerces and its [Xerces
-SecurityMananger](http://xerces.apache.org/xerces2-j/javadocs/xerces2/org/apache/xerces/util/SecurityManager.html)
+SecurityMananger](https://xerces.apache.org/xerces2-j/javadocs/xerces2/org/apache/xerces/util/SecurityManager.html)
sounds like Xerces is also vulnerable to billion laugh attacks with its
default settings. It also does entity resolving when an
`org.xml.sax.EntityResolver` is configured. I'm not yet sure about the
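Review bot: The link text `Xerces SecurityMananger` on the rewritten line keeps its misspelling of "SecurityManager" (the class name in the URL path is spelled correctly). Since this line is already being rewritten, fixing the label here is cheap; the matching rst target name in README.txt would need the same change in the same commit.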
@@ -663,7 +663,7 @@ Copyright (c) 2013-2017 by Christian Heimes
Licensed to PSF under a Contributor Agreement.
-See <http://www.python.org/psf/license> for licensing details.
+See <https://www.python.org/psf/license> for licensing details.
Acknowledgements
----------------
@@ -695,7 +695,7 @@ Daniel Veillard (libxml2)
: Many thanks to Daniel for his insight and assistance with libxml2.
-semantics GmbH (<http://www.semantics.de/>)
+semantics GmbH (<https://www.semantics.de/>)
: Many thanks to my employer semantics for letting me work on the
issue during working hours as part of semantics's open
@@ -705,10 +705,10 @@ References
----------
- [XML DoS and
- Defenses (MSDN)](http://msdn.microsoft.com/en-us/magazine/ee335713.aspx)
-- [Billion Laughs](http://en.wikipedia.org/wiki/Billion_laughs) on
+ Defenses (MSDN)](https://msdn.microsoft.com/en-us/magazine/ee335713.aspx)
+- [Billion Laughs](https://en.wikipedia.org/wiki/Billion_laughs) on
Wikipedia
-- [ZIP bomb](http://en.wikipedia.org/wiki/Zip_bomb) on Wikipedia
+- [ZIP bomb](https://en.wikipedia.org/wiki/Zip_bomb) on Wikipedia
- [Configure SAX parsers for secure
processing](http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html)
- [Testing for XML
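Review bot: The "Configure SAX parsers for secure processing" entry, `http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html`, stays on plain http in this hunk while the MSDN and Wikipedia entries next to it are upgraded. If the host does serve it over https it should be switched for consistency; if it does not (the commit title says "where available"), naming the deliberately skipped hosts in the commit message would save the next reader from re-checking them.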
diff --git a/README.txt b/README.txt
index ad759cc..ae2adc5 100644
--- a/README.txt
+++ b/README.txt
@@ -503,7 +503,7 @@ lzma is even better::
148K zeros.xy
None of Python's standard XML libraries decompress streams except for
-``xmlrpclib``. The module is vulnerable <http://bugs.python.org/issue16043>
+``xmlrpclib``. The module is vulnerable <https://bugs.python.org/issue16043>
to decompression bombs.
lxml can load and process compressed data through libxml2 transparently.
@@ -716,7 +716,7 @@ Copyright (c) 2013-2017 by Christian Heimes <christian@python.org>
Licensed to PSF under a Contributor Agreement.
-See http://www.python.org/psf/license for licensing details.
+See https://www.python.org/psf/license for licensing details.
Acknowledgements
@@ -743,7 +743,7 @@ Carl Meyer (Django)
Daniel Veillard (libxml2)
Many thanks to Daniel for his insight and assistance with libxml2.
-semantics GmbH (http://www.semantics.de/)
+semantics GmbH (https://www.semantics.de/)
Many thanks to my employer semantics for letting me work on the issue
during working hours as part of semantics's open source initiative.
@@ -764,13 +764,13 @@ References
.. _modified expat: https://bitbucket.org/tiran/expat
.. _expat parser: http://expat.sourceforge.net/
.. _Attacking XML Security: https://www.isecpartners.com/media/12976/iSEC-HILL-Attacking-XML-Security-bh07.pdf
-.. _Billion Laughs: http://en.wikipedia.org/wiki/Billion_laughs
-.. _XML DoS and Defenses (MSDN): http://msdn.microsoft.com/en-us/magazine/ee335713.aspx
-.. _ZIP bomb: http://en.wikipedia.org/wiki/Zip_bomb
-.. _DTD: http://en.wikipedia.org/wiki/Document_Type_Definition
+.. _Billion Laughs: https://en.wikipedia.org/wiki/Billion_laughs
+.. _XML DoS and Defenses (MSDN): https://msdn.microsoft.com/en-us/magazine/ee335713.aspx
+.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb
+.. _DTD: https://en.wikipedia.org/wiki/Document_Type_Definition
.. _PI: https://en.wikipedia.org/wiki/Processing_Instruction
.. _Avoid the dangers of XPath injection: http://www.ibm.com/developerworks/xml/library/x-xpathinjection/index.html
.. _Configure SAX parsers for secure processing: http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html
.. _Testing for XML Injection: https://www.owasp.org/index.php/Testing_for_XML_Injection_(OWASP-DV-008)
-.. _Xerces SecurityMananger: http://xerces.apache.org/xerces2-j/javadocs/xerces2/org/apache/xerces/util/SecurityManager.html
-.. _XML Inclusion: http://www.w3.org/TR/xinclude/#include_element
+.. _Xerces SecurityMananger: https://xerces.apache.org/xerces2-j/javadocs/xerces2/org/apache/xerces/util/SecurityManager.html
+.. _XML Inclusion: https://www.w3.org/TR/xinclude/#include_element
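Review bot: Three targets in this hunk remain on http: `expat.sourceforge.net`, and the two `www.ibm.com/developerworks` references (`x-xpathinjection` and `x-tipcfsx`). Whether they were checked and found unavailable over https or simply missed is not visible from the diff; either switch them or record the exclusions in the commit message. Separately, `.. _Xerces SecurityMananger:` keeps the misspelled target name; correcting it requires updating the inline `Xerces SecurityMananger`_ reference in the Java section as well, so that is better done as its own commit.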
diff --git a/defusedxml/ElementTree.py b/defusedxml/ElementTree.py
index 41b2ea8..5d5cdf5 100644
--- a/defusedxml/ElementTree.py
+++ b/defusedxml/ElementTree.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Defused xml.etree.ElementTree facade
"""
from __future__ import print_function, absolute_import
diff --git a/defusedxml/__init__.py b/defusedxml/__init__.py
index 590a5a9..5743ae3 100644
--- a/defusedxml/__init__.py
+++ b/defusedxml/__init__.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Defuse XML bomb denial of service vulnerabilities
"""
from __future__ import print_function, absolute_import
diff --git a/defusedxml/cElementTree.py b/defusedxml/cElementTree.py
index cc13689..0c1baf8 100644
--- a/defusedxml/cElementTree.py
+++ b/defusedxml/cElementTree.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Defused xml.etree.cElementTree
"""
from __future__ import absolute_import
diff --git a/defusedxml/common.py b/defusedxml/common.py
index 668b609..be23e97 100644
--- a/defusedxml/common.py
+++ b/defusedxml/common.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Common constants, exceptions and helpe functions
"""
import sys
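Review bot: The license URL change is fine; the docstring immediately below the touched header reads "Common constants, exceptions and helpe functions", and since this file is already being edited the "helpe" -> "helper" typo could ride along in the same commit without widening its scope.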
diff --git a/defusedxml/expatbuilder.py b/defusedxml/expatbuilder.py
index 0eb6b91..ffe4f7d 100644
--- a/defusedxml/expatbuilder.py
+++ b/defusedxml/expatbuilder.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Defused xml.dom.expatbuilder
"""
from __future__ import print_function, absolute_import
diff --git a/defusedxml/expatreader.py b/defusedxml/expatreader.py
index ef6bc39..f2ec286 100644
--- a/defusedxml/expatreader.py
+++ b/defusedxml/expatreader.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Defused xml.sax.expatreader
"""
from __future__ import print_function, absolute_import
diff --git a/defusedxml/lxml.py b/defusedxml/lxml.py
index 7f3ee0b..3468824 100644
--- a/defusedxml/lxml.py
+++ b/defusedxml/lxml.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Example code for lxml.etree protection
The code has NO protection against decompression bombs.
diff --git a/defusedxml/minidom.py b/defusedxml/minidom.py
index 0fd8684..eea895c 100644
--- a/defusedxml/minidom.py
+++ b/defusedxml/minidom.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Defused xml.dom.minidom
"""
from __future__ import print_function, absolute_import
diff --git a/defusedxml/pulldom.py b/defusedxml/pulldom.py
index fc9e466..e2c846a 100644
--- a/defusedxml/pulldom.py
+++ b/defusedxml/pulldom.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Defused xml.dom.pulldom
"""
from __future__ import print_function, absolute_import
diff --git a/defusedxml/sax.py b/defusedxml/sax.py
index 534d0ca..77aebc5 100644
--- a/defusedxml/sax.py
+++ b/defusedxml/sax.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Defused xml.sax
"""
from __future__ import print_function, absolute_import
diff --git a/defusedxml/xmlrpc.py b/defusedxml/xmlrpc.py
index 2a456e6..5572c6b 100644
--- a/defusedxml/xmlrpc.py
+++ b/defusedxml/xmlrpc.py
@@ -2,7 +2,7 @@
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
-# See http://www.python.org/psf/license for licensing details.
+# See https://www.python.org/psf/license for licensing details.
"""Defused xmlrpclib
Also defuses gzip bomb