Christian Heimes committed 9d2b08f

Document forbid_external

 The `defusedxml package`_ contains several Python-only workarounds and fixes
 for denial of service and other vulnerabilities in Python's XML libraries.
 
-All functions and parser classes accept two additional keyword arguments.
+All functions and parser classes accept three additional keyword arguments.
 
 forbid_dtd (default: False)
   disallow XML with a ``<!DOCTYPE>`` processing instruction and raise a
-  DTDForbidden exception
+  DTDForbidden exception when a DTD processing instruction is found.
 
 forbid_entities (default: True)
-  disallow XML with ``<!ENTITY>`` declarations inside the DTD and raise a
-  EntitiesForbidden exception
+  disallow XML with ``<!ENTITY>`` declarations inside the DTD and raise an
+  EntitiesForbidden exception when an entity is declared.
 
-All parsers also enforce a hard ban of external entities and retrieval of
-external DTDs by raising an ExternalReferenceForbidden exception.
+forbid_external (default: True)
+  disallow any access to remote or local resources in external entities
+  or DTD and raising an ExternalReferenceForbidden exception when a DTD
+  or entity references an external resource.
 
 
 defused.cElementTree
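Review bot: in the new forbid_external entry, "and raising an ExternalReferenceForbidden exception" breaks the parallel with the two entries above, which read "disallow ... and raise"; change "raising" to "raise". The removed paragraph described the external-reference ban as a hard ban enforced by all parsers, while the new entry makes it a keyword argument with a default of True, so the text should say plainly that passing forbid_external=False re-allows the access to remote or local resources the entry describes. The added line under forbid_dtd also calls ``<!DOCTYPE>`` a "DTD processing instruction"; a DOCTYPE is a document type declaration, not a processing instruction, so "when a DTD declaration is found" would be more accurate.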
 
 parse(), parseString(), DefusedExpatBuilder, DefusedExpatBuilderNS
 
+
 defused.minidom
 ---------------
 
 parse(), parseString()
 
+
 defused.pulldom
 ---------------
 
 parse(), parseString()
 
+
 defused.xmlrpclib
 -----------------
 
 TODO
 
+
 defused.lxml
 ------------
 
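Review bot: the four added lines in this part of the diff are blank lines before the defused.minidom, defused.pulldom, defused.xmlrpclib and defused.lxml headings, which is unrelated to documenting forbid_external; consider moving the spacing cleanup into its own commit. The top of the file now states that all functions and parser classes accept three additional keyword arguments while the defused.xmlrpclib section still reads TODO, so either qualify "all" or list per module which functions take the arguments.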