[Python-Dev] XML DoS vulnerabilities and exploits in Python (original) (raw)

Greg Ewing greg.ewing at canterbury.ac.nz
Wed Feb 20 23:35:23 CET 2013

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Carl Meyer wrote:

An XML parser that follows the XML standard is never safe to expose to untrusted input.

Does the XML standard really mandate that a conforming parser must blindly download any DTD URL given to it from the real live internet? Somehow I doubt that.

-- Greg

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list