Issue 17538: Document XML vulnerabilties

author: Christian Heimes <christian@cheimes.de> 2013-03-26 16:35:55 (GMT)
committer: Christian Heimes <christian@cheimes.de> 2013-03-26 16:35:55 (GMT)
commit: 1df04e88ae35cc6576e93f45962b153092048181 (patch)
tree: bd16826d26b0bc5ffdf2b050daa83dcc5fc49076 /Doc/library/xml.etree.elementtree.rst
parent: 2323cb793cd06680ed7f477ed5e3b508f052a147 (diff)
download: cpython-1df04e88ae35cc6576e93f45962b153092048181.zip
cpython-1df04e88ae35cc6576e93f45962b153092048181.tar.gz
cpython-1df04e88ae35cc6576e93f45962b153092048181.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/Doc/library/xml.etree.elementtree.rst b/Doc/library/xml.etree.elementtree.rst
index cf0c33f..dc9ebb9 100644
--- a/Doc/library/xml.etree.elementtree.rst
+++ b/Doc/library/xml.etree.elementtree.rst
@@ -13,6 +13,14 @@ The :class:`Element` type is a flexible container object, designed to store
 hierarchical data structures in memory.  The type can be described as a cross
 between a list and a dictionary.
 
+
+.. warning::
+
+   The :mod:`xml.etree.ElementTree` module is not secure against
+   maliciously constructed data.  If you need to parse untrusted or
+   unauthenticated data see :ref:`xml-vulnerabilities`.
+
+
 Each element has a number of properties associated with it:
 
 * a tag which is a string identifying what kind of data this element represents
author	Christian Heimes <christian@cheimes.de>	2013-03-26 16:35:55 (GMT)
committer	Christian Heimes <christian@cheimes.de>	2013-03-26 16:35:55 (GMT)
commit	1df04e88ae35cc6576e93f45962b153092048181 (patch)
tree	bd16826d26b0bc5ffdf2b050daa83dcc5fc49076 /Doc/library/xml.etree.elementtree.rst
parent	2323cb793cd06680ed7f477ed5e3b508f052a147 (diff)
download	cpython-1df04e88ae35cc6576e93f45962b153092048181.zip cpython-1df04e88ae35cc6576e93f45962b153092048181.tar.gz cpython-1df04e88ae35cc6576e93f45962b153092048181.tar.bz2