1 files changed, 15 insertions, 8 deletions

diff --git a/defusedxml/common.py b/defusedxml/common.py
index 0492304..04f7ca6 100644
--- a/defusedxml/common.py
+++ b/defusedxml/common.py
@@ -89,18 +89,20 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
     """Factory for functions needed by etree, dependent on whether
     cElementTree or ElementTree is used."""
 
-    def parse(source, parser=None, forbid_dtd=False, forbid_entities=True):
+    def parse(source, parser=None, forbid_dtd=False, forbid_entities=True,
+              forbid_external=True):
         if parser is None:
             parser = DefusedXMLParser(target=_TreeBuilder(),
                                       forbid_dtd=forbid_dtd,
-                                      forbid_entities=forbid_entities)
+                                      forbid_entities=forbid_entities,
+                                      forbid_external=forbid_external)
         return _parse(source, parser)
 
     if PY26 or PY31:
         def unbound(f):
                 return getattr(f, "__func__", f)
         def iterparse(source, events=None, forbid_dtd=False,
-                      forbid_entities=True):
+                      forbid_entities=True, forbid_external=True):
             it = _iterparse(source, events)
             parser = it._parser._parser
             if forbid_dtd:
@@ -111,19 +113,22 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
                     unbound(DefusedXMLParser.defused_entity_decl)
                 parser.UnparsedEntityDeclHandler = \
                     unbound(DefusedXMLParser.defused_unparsed_entity_decl)
-            if hasattr(parser.ExternalEntityRefHandler, "__call__"):
+            if forbid_external:
                 parser.ExternalEntityRefHandler = \
                     unbound(DefusedXMLParser.defused_external_entity_ref_handler)
             return it
     elif PY3:
         def iterparse(source, events=None, parser=None, forbid_dtd=False,
-                      forbid_entities=True):
+                      forbid_entities=True, forbid_external=True):
             close_source = False
             if not hasattr(source, "read"):
                 source = open(source, "rb")
                 close_source = True
             if not parser:
-                parser = DefusedXMLParser(target=_TreeBuilder())
+                parser = DefusedXMLParser(target=_TreeBuilder(),
+                                          forbid_dtd=forbid_dtd,
+                                          forbid_entities=forbid_entities,
+                                          forbid_external=forbid_external)
             return _IterParseIterator(source, events, parser, close_source)
     else:
         # Python 2.7
@@ -133,10 +138,12 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
                 parser = DefusedXMLParser(target=_TreeBuilder())
             return _iterparse(source, events, parser)
 
-    def fromstring(text, forbid_dtd=False, forbid_entities=True):
+    def fromstring(text, forbid_dtd=False, forbid_entities=True,
+                   forbid_external=True):
         parser = DefusedXMLParser(target=_TreeBuilder(),
                                   forbid_dtd=forbid_dtd,
-                                  forbid_entities=forbid_entities)
+                                  forbid_entities=forbid_entities,
+                                  forbid_external=forbid_external)
         parser.feed(text)
         return parser.close()