Issue 17538: Document XML vulnerabilties

author: Christian Heimes <christian@cheimes.de> 2013-03-26 16:47:23 (GMT)
committer: Christian Heimes <christian@cheimes.de> 2013-03-26 16:47:23 (GMT)
commit: 768f6a53601a6c4e0b914aaedb977dd2ca97532a (patch)
tree: 0a15e62fa957038dd0e6ad2cd704d3378ac336a5 /Doc/library/xmlrpc.client.rst
parent: c40f97f8beaacfb834d3f4f22d581e37dd82c14d (diff)
parent: 7380a67267d9ec59b70617ea59ff31819f530942 (diff)
download: cpython-768f6a53601a6c4e0b914aaedb977dd2ca97532a.zip
cpython-768f6a53601a6c4e0b914aaedb977dd2ca97532a.tar.gz
cpython-768f6a53601a6c4e0b914aaedb977dd2ca97532a.tar.bz2
1 files changed, 7 insertions, 0 deletions
diff --git a/Doc/library/xmlrpc.client.rst b/Doc/library/xmlrpc.client.rst
index 1871c99..3a53655 100644
--- a/Doc/library/xmlrpc.client.rst
+++ b/Doc/library/xmlrpc.client.rst
@@ -21,6 +21,13 @@ supports writing XML-RPC client code; it handles all the details of translating
 between conformable Python objects and XML on the wire.
 
 
+.. warning::
+
+   The :mod:`xmlrpc.client` module is not secure against maliciously
+   constructed data.  If you need to parse untrusted or unauthenticated data see
+   :ref:`xml-vulnerabilities`.
+
+
 .. class:: ServerProxy(uri, transport=None, encoding=None, verbose=False, \
                        allow_none=False, use_datetime=False, \
                        use_builtin_types=False)
author	Christian Heimes <christian@cheimes.de>	2013-03-26 16:47:23 (GMT)
committer	Christian Heimes <christian@cheimes.de>	2013-03-26 16:47:23 (GMT)
commit	768f6a53601a6c4e0b914aaedb977dd2ca97532a (patch)
tree	0a15e62fa957038dd0e6ad2cd704d3378ac336a5 /Doc/library/xmlrpc.client.rst
parent	c40f97f8beaacfb834d3f4f22d581e37dd82c14d (diff)
parent	7380a67267d9ec59b70617ea59ff31819f530942 (diff)
download	cpython-768f6a53601a6c4e0b914aaedb977dd2ca97532a.zip cpython-768f6a53601a6c4e0b914aaedb977dd2ca97532a.tar.gz cpython-768f6a53601a6c4e0b914aaedb977dd2ca97532a.tar.bz2