Skip to content

Commit

Permalink
prevent XXE
Browse files Browse the repository at this point in the history
  • Loading branch information
@mylokin
mylokin authored Jun 7, 2017
1 parent e7e8d79 commit e50fbd3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion speedparser/speedparser.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -576,7 +576,7 @@ def __init__(self, content, cleaner=default_cleaner, unix_timestamp=False, encod
self.unix_timestamp = unix_timestamp
if self.xmlns and '#' in self.xmlns:
self.xmlns = self.xmlns.strip('#')
parser = etree.XMLParser(recover=True)
parser = etree.XMLParser(recover=True, resolve_entities=False)
tree = etree.fromstring(content, parser=parser)
if isinstance(tree, etree._ElementTree):
self.tree = tree
Expand Down

0 comments on commit e50fbd3

Please sign in to comment.