diff options
| -rw-r--r-- | Doc/library/xml.rst | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/Doc/library/xml.rst b/Doc/library/xml.rst index 3c2fc89d50..d833b7fe99 100644 --- a/Doc/library/xml.rst +++ b/Doc/library/xml.rst @@ -60,15 +60,15 @@ circumvent firewalls. The following table gives an overview of the known attacks and whether the various modules are vulnerable to them. -========================= ======== ========= ========= ======== ========= -kind sax etree minidom pulldom xmlrpc -========================= ======== ========= ========= ======== ========= -billion laughs **Yes** **Yes** **Yes** **Yes** **Yes** -quadratic blowup **Yes** **Yes** **Yes** **Yes** **Yes** -external entity expansion **Yes** No (1) No (2) **Yes** No (3) -`DTD`_ retrieval **Yes** No No **Yes** No -decompression bomb No No No No **Yes** -========================= ======== ========= ========= ======== ========= +========================= ============== =============== ============== ============== ============== +kind sax etree minidom pulldom xmlrpc +========================= ============== =============== ============== ============== ============== +billion laughs **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** +quadratic blowup **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** +external entity expansion **Vulnerable** Safe (1) Safe (2) **Vulnerable** Safe (3) +`DTD`_ retrieval **Vulnerable** Safe Safe **Vulnerable** Safe +decompression bomb Safe Safe Safe Safe **Vulnerable** +========================= ============== =============== ============== ============== ============== 1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a :exc:`ParserError` when an entity occurs. |