added security warning for graphml files (#5004)

* added security warning for graphml files * Update networkx/readwrite/graphml.py Co-authored-by: Ross Barnowski <rossbar@berkeley.edu> Co-authored-by: Ross Barnowski <rossbar@berkeley.edu>
author: bt-nia <74181389+bt-nia@users.noreply.github.com> 2021-08-04 20:08:34 +0200
committer: GitHub <noreply@github.com> 2021-08-04 20:08:34 +0200
commit: 0a95365ebb5ff00e48f0be346ec9c1bee15855d1 (patch)
tree: 7c80a216a723e535b2ef8f9b81442b686b765da2
parent: 3fc58b95dc177292ed9b80391ed02747b2249e37 (diff)
download: networkx-0a95365ebb5ff00e48f0be346ec9c1bee15855d1.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/networkx/readwrite/graphml.py b/networkx/readwrite/graphml.py
index 5535bbc5..bb70a0d7 100644
--- a/networkx/readwrite/graphml.py
+++ b/networkx/readwrite/graphml.py
@@ -4,6 +4,12 @@ GraphML
 *******
 Read and write graphs in GraphML format.
 
+.. warning::
+
+    This parser uses the standard xml library present in Python, which is
+    insecure - see :doc:`library/xml` for additional information.
+    Only parse GraphML files you trust.
+
 This implementation does not support mixed graphs (directed and unidirected
 edges together), hyperedges, nested graphs, or ports.
author	bt-nia <74181389+bt-nia@users.noreply.github.com>	2021-08-04 20:08:34 +0200
committer	GitHub <noreply@github.com>	2021-08-04 20:08:34 +0200
commit	0a95365ebb5ff00e48f0be346ec9c1bee15855d1 (patch)
tree	7c80a216a723e535b2ef8f9b81442b686b765da2
parent	3fc58b95dc177292ed9b80391ed02747b2249e37 (diff)
download	networkx-0a95365ebb5ff00e48f0be346ec9c1bee15855d1.tar.gz