diff options
| author | Guido van Rossum <guido@python.org> | 2016-10-13 14:32:55 -0700 |
|---|---|---|
| committer | Guido van Rossum <guido@python.org> | 2016-10-13 14:32:55 -0700 |
| commit | 174d79a28453f9fb60e7cdec793032934622ec24 (patch) | |
| tree | 04830f689ac604827f5d0cd3c5cd27943172e795 | |
| parent | 54aced7175d5ed2a021cd6b5412e4fc18132a562 (diff) | |
| parent | a0ef768ddf7a8196c77544545d2dfb7e09473e4d (diff) | |
| download | cpython-git-174d79a28453f9fb60e7cdec793032934622ec24.tar.gz | |
Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. (3.6->3.7)
| -rw-r--r-- | Doc/library/xml.rst | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/Doc/library/xml.rst b/Doc/library/xml.rst index 3c2fc89d50..d833b7fe99 100644 --- a/Doc/library/xml.rst +++ b/Doc/library/xml.rst @@ -60,15 +60,15 @@ circumvent firewalls. The following table gives an overview of the known attacks and whether the various modules are vulnerable to them. -========================= ======== ========= ========= ======== ========= -kind sax etree minidom pulldom xmlrpc -========================= ======== ========= ========= ======== ========= -billion laughs **Yes** **Yes** **Yes** **Yes** **Yes** -quadratic blowup **Yes** **Yes** **Yes** **Yes** **Yes** -external entity expansion **Yes** No (1) No (2) **Yes** No (3) -`DTD`_ retrieval **Yes** No No **Yes** No -decompression bomb No No No No **Yes** -========================= ======== ========= ========= ======== ========= +========================= ============== =============== ============== ============== ============== +kind sax etree minidom pulldom xmlrpc +========================= ============== =============== ============== ============== ============== +billion laughs **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** +quadratic blowup **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** +external entity expansion **Vulnerable** Safe (1) Safe (2) **Vulnerable** Safe (3) +`DTD`_ retrieval **Vulnerable** Safe Safe **Vulnerable** Safe +decompression bomb Safe Safe Safe Safe **Vulnerable** +========================= ============== =============== ============== ============== ============== 1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a :exc:`ParserError` when an entity occurs. |