summaryrefslogtreecommitdiffstats
path: root/Lib/xml/sax
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2018-09-23 07:50:25 (GMT)
committerMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>2018-09-23 07:50:25 (GMT)
commit17b1d5d4e36aa57a9b25a0e694affbd1ee637e45 (patch)
tree486acd3328d5e607bd05936fdfb73eb548d4fa90 /Lib/xml/sax
parent9fb051f032c36b9f6086b79086b4d6b7755a3d70 (diff)
downloadcpython-17b1d5d4e36aa57a9b25a0e694affbd1ee637e45.zip
cpython-17b1d5d4e36aa57a9b25a0e694affbd1ee637e45.tar.gz
cpython-17b1d5d4e36aa57a9b25a0e694affbd1ee637e45.tar.bz2
bpo-17239: Disable external entities in SAX parser (GH-9217)
The SAX parser no longer processes general external entities by default to increase security. Before, the parser created network connections to fetch remote files or loaded local files from the file system for DTD and entities. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue17239
Diffstat (limited to 'Lib/xml/sax')
-rw-r--r--Lib/xml/sax/expatreader.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/Lib/xml/sax/expatreader.py b/Lib/xml/sax/expatreader.py
index 421358f..5066ffc 100644
--- a/Lib/xml/sax/expatreader.py
+++ b/Lib/xml/sax/expatreader.py
@@ -95,7 +95,7 @@ class ExpatParser(xmlreader.IncrementalParser, xmlreader.Locator):
self._lex_handler_prop = None
self._parsing = 0
self._entity_stack = []
- self._external_ges = 1
+ self._external_ges = 0
self._interning = None
# XMLReader methods