Closes #19179: make table of XML vulnerabilities clearer by using "everyday" booleans and explaining the table beforehand.

1 files changed, 7 insertions, 5 deletions

diff --git a/Doc/library/xml.rst b/Doc/library/xml.rst
index d255f7f..d796d82 100644
--- a/Doc/library/xml.rst
+++ b/Doc/library/xml.rst
@@ -53,15 +53,17 @@ access local files, to generate network connections to other machines, or
 to or circumvent firewalls. The attacks on XML abuse unfamiliar features
 like inline `DTD`_ (document type definition) with entities.
 
+The following table gives an overview of the known attacks and if the various
+modules are vulnerable to them.
 
 =========================  ========  =========  =========  ========  =========
 kind                       sax       etree      minidom    pulldom   xmlrpc
 =========================  ========  =========  =========  ========  =========
-billion laughs             **True**  **True**   **True**   **True**  **True**
-quadratic blowup           **True**  **True**   **True**   **True**  **True**
-external entity expansion  **True**  False (1)  False (2)  **True**  False (3)
-DTD retrieval              **True**  False      False      **True**  False
-decompression bomb         False     False      False      False     **True**
+billion laughs             **Yes**   **Yes**    **Yes**    **Yes**   **Yes**
+quadratic blowup           **Yes**   **Yes**    **Yes**    **Yes**   **Yes**
+external entity expansion  **Yes**   No    (1)  No    (2)  **Yes**   No    (3)
+DTD retrieval              **Yes**   No         No         **Yes**   No
+decompression bomb         No        No         No         No        **Yes**
 =========================  ========  =========  =========  ========  =========
 
 1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a