[Python-Dev] XML DoS vulnerabilities and exploits in Python

Stefan Behnel stefan_ml at behnel.de
Thu Feb 21 07:37:36 CET 2013


Maciej Fijalkowski, 20.02.2013 21:17:

On Wed, Feb 20, 2013 at 8:24 PM, Christian Heimes wrote:

On 20.02.2013 17:25, Benjamin Peterson wrote:

Are these going to become patches for Python, too?

I'm working on it. The patches need to be discussed as they break backward compatibility and AFAIK XML standards, too. That's not very good. XML parsers are supposed to parse XML according to standards.

I think we can shorten this discussion to "this is a serious problem that needs to be fixed". If that involves taking the freedom that the XML standard leaves about processing DTDs, then I think we shouldn't be throwing any high-level bike shedding at it.

Consulting the standard actually helps.

Stefan


