author | Christian Heimes <christian@python.org> | 2013-02-15 11:15:41 +0100 |
---|---|---|
committer | Christian Heimes <christian@python.org> | 2013-02-15 11:15:41 +0100 |
commit | 2f1b8f7596f9e1932b058ec1cf7a255a42480a9d (patch) | |
tree | 9c7f741a16c5181fa94edc1c83d556c3530e683b | |
parent | 58f548bd04465686142791849c2e63a4842f5d0d (diff) | |
download | defusedxml-git-2f1b8f7596f9e1932b058ec1cf7a255a42480a9d.tar.gz |
Document forbid_external
-rw-r--r-- | README.txt | 18 |
1 files changed, 12 insertions, 6 deletions
@@ -223,18 +223,20 @@ defusedxml The `defusedxml package`_ contains several Python-only workarounds and fixes for denial of service and other vulnerabilities in Python's XML libraries. -All functions and parser classes accept two additional keyword arguments. +All functions and parser classes accept three additional keyword arguments. forbid_dtd (default: False) disallow XML with a ``<!DOCTYPE>`` processing instruction and raise a - DTDForbidden exception + DTDForbidden exception when a DTD processing instruction is found. forbid_entities (default: True) - disallow XML with ``<!ENTITY>`` declarations inside the DTD and raise a - EntitiesForbidden exception + disallow XML with ``<!ENTITY>`` declarations inside the DTD and raise an + EntitiesForbidden exception when an entity is declared. -All parsers also enforce a hard ban of external entities and retrieval of -external DTDs by raising an ExternalReferenceForbidden exception. +forbid_external (default: True) + disallow any access to remote or local resources in external entities + or DTD and raising an ExternalReferenceForbidden exception when a DTD + or entity references an external resource. defused.cElementTree @@ -266,21 +268,25 @@ defused.expatbuilder parse(), parseString(), DefusedExpatBuilder, DefusedExpatBuilderNS + defused.minidom --------------- parse(), parseString() + defused.pulldom --------------- parse(), parseString() + defused.xmlrpclib ----------------- TODO + defused.lxml ------------ |
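Review bot: the new forbid_external entry in the first hunk replaces the sentence "All parsers also enforce a hard ban of external entities and retrieval of external DTDs" with a keyword argument that defaults to True, so the README now presents external-reference blocking as something a caller can switch off. The entry should state what forbid_external=False permits (it already names remote and local resources) and that the default is the setting to keep for untrusted input. The diffstat lists only README.txt, so please confirm that every function and parser class listed below already accepts the argument. On wording, "and raising an ExternalReferenceForbidden exception" should read "and raise an" to match the other two entries, and ``<!DOCTYPE>`` is a document type declaration rather than a processing instruction, a term the added "when a DTD processing instruction is found" repeats.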
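Review bot: the four added lines in the second hunk are blank lines before the defused.minidom, defused.pulldom, defused.xmlrpclib and defused.lxml headings, a whitespace-only change that is unrelated to "Document forbid_external". Consider moving it to its own commit so the documentation change can be reviewed and reverted independently.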