 A quadratic blowup attack is similar to a `Billion Laughs`_ attack; it abuses
 entity expansion, too. Instead of nested entities it repeats one large entity
-with a couple of ten thousand chars over and over again. The attack isn't as
+with a couple of thousand chars over and over again. The attack isn't as
 efficient as the exponential case but it avoids triggering countermeasures of
 parsers against heavily nested entities. Some parsers limit the depth and
 breadth of a single entity but not the total amount of expanded text
-The `defusedxml package`_ contains several Python-only workarounds and fixes
+The `defusedxml package`_ (`defusedxml on PyPI`_)
+contains several Python-only workarounds and fixes
 for denial of service and other vulnerabilities in Python's XML libraries.
 In order to benefit from the protection you just have to import and use the
 listed functions / classes from the right defusedxml module instead of the
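Review bot: the parenthetical on the added "(`defusedxml on PyPI`_)" line renders as "defusedxml package (defusedxml on PyPI)", which repeats the package name, and the split leaves a short line in the middle of the paragraph. Suggest a shorter link text for the PyPI reference and re-wrapping the paragraph to the file's usual line width.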
-The `defusedexpat package`_ comes with binary extensions and a
+The `defusedexpat package`_ (`defusedexpat on PyPI`_)
+comes with binary extensions and a
 `modified expat`_ libary instead of the standard `expat parser`_. It's
 basically a stand-alone version of the patches for Python's standard
 library C extensions.
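Review bot: "libary" on the unchanged line directly after the additions ("`modified expat`_ libary instead of the standard ...") is a typo for "library". This change already re-flows the paragraph, so fix it here and re-wrap the short "+comes with binary extensions and a" line with its neighbours.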
 * `Testing for XML Injection`_
 .. _defusedxml package: https://bitbucket.org/tiran/defusedxml
+.. _defusedxml on PyPI: https://pypi.python.org/pypi/defusedxml
 .. _defusedexpat package: https://bitbucket.org/tiran/defusedexpat
+.. _defusedexpat on PyPI: https://pypi.python.org/pypi/defusedexpat
 .. _modified expat: https://bitbucket.org/tiran/expat
 .. _expat parser: http://expat.sourceforge.net/
 .. _Attacking XML Security: https://www.isecpartners.com/media/12976/iSEC-HILL-Attacking-XML-Security-bh07.pdf
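Review bot: the "expat parser" target just below the new PyPI entries is the only link in this block that still uses plain http://. If the host serves HTTPS, switch it in this change so that every target in the list is fetched over TLS, as the two added PyPI targets already are.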