Christian Heimes avatar Christian Heimes committed 9e66785

more thanks and xinclude

Comments (0)

Files changed (1)

     </html>
 
 
-Library overview
-================
+Python XML Libraries
+====================
 
 .. csv-table::
    :header: "kind", "sax", "etree", "minidom", "pulldom", "lxml", "libxml2 python", "genshi"
    "gzip bomb", "False", "False", "False", "False", "partly (2)", "untested", "False"
    "xpath support", "False", "False", "False", "False", "True", "untested", "False"
    "xsl(t) support", "False", "False", "False", "False", "True", "untested", "False"
+   "xinclude support", "False", "True (6)", "False", "False", "True (6), "untested", "True"
    "C library", "expat", "expat", "expat", "expat", "libxml2", "libxml2", "expat"
 
 1. Lxml is protected against billion laughs attacks and doesn't do network
    verbatim.
 5. genshi.input of genshi 0.6 doesn't support entity expansion and raises a
    ParserError when an entity occurs.
+6. Library has (limited) XInclude support but requires an additional step to
+   process inclusion.
 
 
 Other things to consider
    </root>
 
 This feature should be disabled when XML files from an untrusted source are
-processed.
+processed. Some Python XML libraries and libxml2 support XInclude but don't
+have an option to sandbox inclusion and limit it to allowed directories.
 
 
 XSL Transformation
 Acknowledgements
 ================
 
-Brett Cannon <brett@python.org>
+Brett Cannon (Python Core developer)
   review and code cleanup
 
+Antoine Pitrou (Python Core developer)
+  code review
+
+Aaron Patterson, Ben Murphy and Michael Koziarski (Ruby community)
+  Many thanks to Aaron, Ben and Michael from the Ruby community for their
+  report and assistance.
+
+Thierry Carrez (OpenStack)
+
+Carl Meyer (Django)
+
+Daniel Veillard (libxml2)
+
 semantics GmbH (http://www.semantics.de/)
-   I like to thank my employer s<e>mantics for letting me work on the issue
-   during working hours as part of semantics's open source initiative.
+  Many thanks to my employer semantics for letting me work on the issue
+  during working hours as part of semantics's open source initiative.
 
 
 References
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.