Skip to content

D
django-rest-framework
Commit 569c3a28 by Tom Christie
Options

Add forbid_dtd flag, since we don't need any DTDs.

parent dcee027f
Showing with 1 additions and 1 deletions
rest_framework/parsers.py
...@@ -152,7 +152,7 @@ class XMLParser(BaseParser): ...@@ -152,7 +152,7 @@ class XMLParser(BaseParser):
encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET)
parser = etree.DefusedXMLParser(encoding=encoding) parser = etree.DefusedXMLParser(encoding=encoding)
try: try:
tree = etree.parse(stream, parser=parser) tree = etree.parse(stream, parser=parser, forbid_dtd=True)
except (etree.ParseError, ValueError) as exc: except (etree.ParseError, ValueError) as exc:
raise ParseError('XML parse error - %s' % six.u(exc)) raise ParseError('XML parse error - %s' % six.u(exc))
data = self._xml_convert(tree.getroot()) data = self._xml_convert(tree.getroot())
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment