author: Christian Heimes <christian@python.org> 2013-02-25 12:02:49 +0100
committer: Christian Heimes <christian@python.org> 2013-02-25 12:02:49 +0100
commit: ab70dd26579de407bfb67a388ff37e0bb498ba19 (patch)
tree: 273be559607c5226795a19aafcb52501b33f588c
parent: 305ca5aba4fea09f0bedfd9e69ad5c4d9887622d (diff)
download: defusedxml-git-ab70dd26579de407bfb67a388ff37e0bb498ba19.tar.gz
Add links to PyPI
fixed grammar (thx Terry)
-rw-r--r-- README.txt 10
1 files changed, 7 insertions, 3 deletions
diff --git a/README.txt b/README.txt
index ac04ede..811a700 100644
--- a/README.txt
+++ b/README.txt
@@ -73,7 +73,7 @@ quadratic blowup entity expansion
A quadratic blowup attack is similar to a `Billion Laughs`_ attack; it abuses
entity expansion, too. Instead of nested entities it repeats one large entity
-with a couple of ten thousand chars over and over again. The attack isn't as
+with a couple of thousand chars over and over again. The attack isn't as
efficient as the exponential case but it avoids triggering countermeasures of
parsers against heavily nested entities. Some parsers limit the depth and
breadth of a single entity but not the total amount of expanded text
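Review bot: The commit message calls this a grammar fix, but on the changed line "a couple of ten thousand chars" becomes "a couple of thousand chars", which lowers the stated entity size by an order of magnitude instead of only correcting the wording. If the larger size was intended, "tens of thousands of characters" keeps it; please confirm which figure the README should give. Spelling out "characters" instead of "chars" would also read better here.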
@@ -241,7 +241,8 @@ entities
defusedxml
==========
-The `defusedxml package`_ contains several Python-only workarounds and fixes
+The `defusedxml package`_ (`defusedxml on PyPI`_)
+contains several Python-only workarounds and fixes
for denial of service and other vulnerabilities in Python's XML libraries.
In order to benefit from the protection you just have to import and use the
listed functions / classes from the right defusedxml module instead of the
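Review bot: The new first line, "The `defusedxml package`_ (`defusedxml on PyPI`_)", is left short while the rest of the paragraph keeps its old wrapping, so the source now reads unevenly. Reflow the paragraph to the README's usual line width so later diffs to this text stay small and readable.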
@@ -360,7 +361,8 @@ RestrictedElement, GlobalParserTLS, getDefaultParser(), check_docinfo()
defusedexpat
============
-The `defusedexpat package`_ comes with binary extensions and a
+The `defusedexpat package`_ (`defusedexpat on PyPI`_)
+comes with binary extensions and a
`modified expat`_ libary instead of the standard `expat parser`_. It's
basically a stand-alone version of the patches for Python's standard
library C extensions.
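Review bot: The context line "`modified expat`_ libary instead of the standard `expat parser`_" still spells "library" as "libary". Since this commit already edits the sentence and is described as a grammar fix, correct the typo in the same change.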
@@ -742,7 +744,9 @@ References
* `Testing for XML Injection`_
.. _defusedxml package: https://bitbucket.org/tiran/defusedxml
+.. _defusedxml on PyPI: https://pypi.python.org/pypi/defusedxml
.. _defusedexpat package: https://bitbucket.org/tiran/defusedexpat
+.. _defusedexpat on PyPI: https://pypi.python.org/pypi/defusedexpat
.. _modified expat: https://bitbucket.org/tiran/expat
.. _expat parser: http://expat.sourceforge.net/
.. _Attacking XML Security: https://www.isecpartners.com/media/12976/iSEC-HILL-Attacking-XML-Security-bh07.pdf