[Python-Dev] xml.sax and xml.dom fetch DTDs by default
Christian Heimes
christian at python.org
Fri Feb 22 01:07:06 CET 2013
More information about the Python-Dev mailing list
Fri Feb 22 01:07:06 CET 2013
- Previous message: [Python-Dev] xml.sax and xml.dom fetch DTDs by default (was XML DoS vulnerabilities and exploits in Python)
- Next message: [Python-Dev] Can't upload to PyPI
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 22.02.2013 00:47, schrieb Paul Boddie: > Perhaps related to the discussion of denial-of-service vulnerabilities is the > matter of controlling access to remote resources. I suppose that after the > following bug was closed, no improvements were made to the standard library: > > http://bugs.python.org/issue2124 > > Do Python programs still visit the W3C site millions of times every day to > download DTDs that they are not, by default, able to remember from their last > visit? Affirmative for Python 2.6 to 3.4 dev! It's all in my documentation, too. https://pypi.python.org/pypi/defusedxml#python-xml-libraries Christian
- Previous message: [Python-Dev] xml.sax and xml.dom fetch DTDs by default (was XML DoS vulnerabilities and exploits in Python)
- Next message: [Python-Dev] Can't upload to PyPI
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list