Issue 17538: Document XML vulnerabilties

author: Christian Heimes <christian@cheimes.de> 2013-03-26 16:35:55 (GMT)
committer: Christian Heimes <christian@cheimes.de> 2013-03-26 16:35:55 (GMT)
commit: 7380a67267d9ec59b70617ea59ff31819f530942 (patch)
tree: 0648f9c8a5594f0c90ef45c9aefa43440ca7128a /Doc/library/xml.dom.pulldom.rst
parent: 5be6d74a0d0ae111cd823d2b7a5896c77d8c8895 (diff)
download: cpython-7380a67267d9ec59b70617ea59ff31819f530942.zip
cpython-7380a67267d9ec59b70617ea59ff31819f530942.tar.gz
cpython-7380a67267d9ec59b70617ea59ff31819f530942.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/Doc/library/xml.dom.pulldom.rst b/Doc/library/xml.dom.pulldom.rst
index eb16a09..8aa9cfb 100644
--- a/Doc/library/xml.dom.pulldom.rst
+++ b/Doc/library/xml.dom.pulldom.rst
@@ -17,6 +17,14 @@ processing model together with callbacks, the user of a pull parser is
 responsible for explicitly pulling events from the stream, looping over those
 events until either processing is finished or an error condition occurs.
 
+
+.. warning::
+
+   The :mod:`xml.dom.pulldom` module is not secure against
+   maliciously constructed data.  If you need to parse untrusted or
+   unauthenticated data see :ref:`xml-vulnerabilities`.
+
+
 Example::
 
    from xml.dom import pulldom
author	Christian Heimes <christian@cheimes.de>	2013-03-26 16:35:55 (GMT)
committer	Christian Heimes <christian@cheimes.de>	2013-03-26 16:35:55 (GMT)
commit	7380a67267d9ec59b70617ea59ff31819f530942 (patch)
tree	0648f9c8a5594f0c90ef45c9aefa43440ca7128a /Doc/library/xml.dom.pulldom.rst
parent	5be6d74a0d0ae111cd823d2b7a5896c77d8c8895 (diff)
download	cpython-7380a67267d9ec59b70617ea59ff31819f530942.zip cpython-7380a67267d9ec59b70617ea59ff31819f530942.tar.gz cpython-7380a67267d9ec59b70617ea59ff31819f530942.tar.bz2