diff options
| author | Jakub Wilk <jwilk@jwilk.net> | 2017-08-13 18:02:47 +0200 |
|---|---|---|
| committer | Christian Heimes <christian@python.org> | 2019-04-14 12:03:47 +0200 |
| commit | 34d0a1b58fa963b965cf98ff2970b3df54189ec3 (patch) | |
| tree | 5eeb871207a7b800c14669ab26d440e9b5e538f0 | |
| parent | b09f13621f1b5471636b49dede86ac02fea1910d (diff) | |
| download | defusedxml-git-34d0a1b58fa963b965cf98ff2970b3df54189ec3.tar.gz | |
Fix typos
| -rw-r--r-- | CHANGES.txt | 2 | ||||
| -rw-r--r-- | README.md | 10 | ||||
| -rw-r--r-- | README.txt | 8 |
3 files changed, 10 insertions, 10 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 0ba0fdb..a3175e8 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -74,7 +74,7 @@ defusedxml 0.2 - Rename defusedxml.lxml.check_dtd() to check_docinfo() - Unify argument names in callbacks - Add arguments and formatted representation to exceptions -- Add forbid_external argument to all functions and classs +- Add forbid_external argument to all functions and classes - More tests - LOTS of documentation - Add example code for other languages (Ruby, Perl, PHP) and parsers (Genshi) @@ -118,7 +118,7 @@ possible. For example: with requests to a service that doesn't respond or responds with very large files. - An attacker may gain knowledge, when, how often and from which IP - address a XML document is accessed. + address an XML document is accessed. - An attacker could send mail from inside your network if the URL handler supports `smtp://` URIs. @@ -313,7 +313,7 @@ defusedexpat The [defusedexpat package](https://github.com/tiran/defusedexpat) ([defusedexpat on PyPI](https://pypi.python.org/pypi/defusedexpat)) comes with binary extensions and a [modified -expat](https://github.com/tiran/expat) libary instead of the standard +expat](https://github.com/tiran/expat) library instead of the standard [expat parser](http://expat.sourceforge.net/). It's basically a stand-alone version of the patches for Python's standard library C extensions. @@ -492,7 +492,7 @@ be a security threat. XPath statements may introduce DoS vulnerabilities. Code should never execute queries from untrusted sources. An attacker may also be able to -create a XML document that makes certain XPath queries costly or +create an XML document that makes certain XPath queries costly or resource hungry. ### XPath injection attacks @@ -606,7 +606,7 @@ configuration. ### PHP PHP's SimpleXML API is vulnerable to quadratic entity expansion and -loads entites from local and remote resources. The option `LIBXML_NONET` +loads entities from local and remote resources. The option `LIBXML_NONET` disables network access but still allows local file access. `LIBXML_NOENT` seems to have no effect on entity expansion in PHP 5.4.6. @@ -771,7 +771,7 @@ defusedxml 0.2 - Rename defusedxml.lxml.check\_dtd() to check\_docinfo() - Unify argument names in callbacks - Add arguments and formatted representation to exceptions -- Add forbid\_external argument to all functions and classs +- Add forbid\_external argument to all functions and classes - More tests - LOTS of documentation - Add example code for other languages (Ruby, Perl, PHP) and @@ -129,7 +129,7 @@ example: requests to a service that doesn't respond or responds with very large files. * An attacker may gain knowledge, when, how often and from which IP address - a XML document is accessed. + an XML document is accessed. * An attacker could send mail from inside your network if the URL handler supports ``smtp://`` URIs. @@ -363,7 +363,7 @@ defusedexpat The `defusedexpat package`_ (`defusedexpat on PyPI`_) comes with binary extensions and a -`modified expat`_ libary instead of the standard `expat parser`_. It's +`modified expat`_ library instead of the standard `expat parser`_. It's basically a stand-alone version of the patches for Python's standard library C extensions. @@ -536,7 +536,7 @@ XPath ----- XPath statements may introduce DoS vulnerabilities. Code should never execute -queries from untrusted sources. An attacker may also be able to create a XML +queries from untrusted sources. An attacker may also be able to create an XML document that makes certain XPath queries costly or resource hungry. @@ -657,7 +657,7 @@ PHP --- PHP's SimpleXML API is vulnerable to quadratic entity expansion and loads -entites from local and remote resources. The option ``LIBXML_NONET`` disables +entities from local and remote resources. The option ``LIBXML_NONET`` disables network access but still allows local file access. ``LIBXML_NOENT`` seems to have no effect on entity expansion in PHP 5.4.6. |