Issue 17538: Document XML vulnerabilties

author: Christian Heimes <christian@cheimes.de> 2013-03-26 17:48:28 +0100
committer: Christian Heimes <christian@cheimes.de> 2013-03-26 17:48:28 +0100
commit: 9869e60dc2e7803f31af47a37fcc6392262496d8 (patch)
tree: 49364ab55ba75b075d9cb2f2f624421b911862a9 /Doc/library/xml.etree.elementtree.rst
parent: a1e8244afaef671d685d7d171288effa00f2c1b9 (diff)
parent: 768f6a53601a6c4e0b914aaedb977dd2ca97532a (diff)
download: cpython-git-9869e60dc2e7803f31af47a37fcc6392262496d8.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/Doc/library/xml.etree.elementtree.rst b/Doc/library/xml.etree.elementtree.rst
index 2a9f9b30b0..6af287f1b1 100644
--- a/Doc/library/xml.etree.elementtree.rst
+++ b/Doc/library/xml.etree.elementtree.rst
@@ -12,6 +12,13 @@ for parsing and creating XML data.
    This module will use a fast implementation whenever available.
    The :mod:`xml.etree.cElementTree` module is deprecated.
 
+
+.. warning::
+
+   The :mod:`xml.etree.ElementTree` module is not secure against
+   maliciously constructed data.  If you need to parse untrusted or
+   unauthenticated data see :ref:`xml-vulnerabilities`.
+
 Tutorial
 --------
author	Christian Heimes <christian@cheimes.de>	2013-03-26 17:48:28 +0100
committer	Christian Heimes <christian@cheimes.de>	2013-03-26 17:48:28 +0100
commit	9869e60dc2e7803f31af47a37fcc6392262496d8 (patch)
tree	49364ab55ba75b075d9cb2f2f624421b911862a9 /Doc/library/xml.etree.elementtree.rst
parent	a1e8244afaef671d685d7d171288effa00f2c1b9 (diff)
parent	768f6a53601a6c4e0b914aaedb977dd2ca97532a (diff)
download	cpython-git-9869e60dc2e7803f31af47a37fcc6392262496d8.tar.gz