diff options
| author | Christian Heimes <christian@python.org> | 2018-09-23 09:50:25 +0200 |
|---|---|---|
| committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2018-09-23 00:50:25 -0700 |
| commit | 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45 (patch) | |
| tree | 486acd3328d5e607bd05936fdfb73eb548d4fa90 /Lib/test/test_xml_etree.py | |
| parent | 9fb051f032c36b9f6086b79086b4d6b7755a3d70 (diff) | |
| download | cpython-17b1d5d4e36aa57a9b25a0e694affbd1ee637e45.tar.gz cpython-17b1d5d4e36aa57a9b25a0e694affbd1ee637e45.zip | |
bpo-17239: Disable external entities in SAX parser (GH-9217)
The SAX parser no longer processes general external entities by default
to increase security. Before, the parser created network connections
to fetch remote files or loaded local files from the file system for DTD
and entities.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue17239
Diffstat (limited to 'Lib/test/test_xml_etree.py')
| -rw-r--r-- | Lib/test/test_xml_etree.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py index a52529051bf..ecb910f04f5 100644 --- a/Lib/test/test_xml_etree.py +++ b/Lib/test/test_xml_etree.py @@ -91,6 +91,12 @@ ENTITY_XML = """\ <document>&entity;</document> """ +EXTERNAL_ENTITY_XML = """\ +<!DOCTYPE points [ +<!ENTITY entity SYSTEM "file:///non-existing-file.xml"> +]> +<document>&entity;</document> +""" def checkwarnings(*filters, quiet=False): def decorator(test): @@ -861,6 +867,13 @@ class ElementTreeTest(unittest.TestCase): root = parser.close() self.serialize_check(root, '<document>text</document>') + # 4) external (SYSTEM) entity + + with self.assertRaises(ET.ParseError) as cm: + ET.XML(EXTERNAL_ENTITY_XML) + self.assertEqual(str(cm.exception), + 'undefined entity &entity;: line 4, column 10') + def test_namespace(self): # Test namespace issues. |