Add forbid_dtd flag, since we don't need any DTDs.

This commit is contained in:
Tom Christie 2013-02-22 19:41:09 +00:00
parent dcee027fa9
commit 569c3a28e6

View File

@ -152,7 +152,7 @@ class XMLParser(BaseParser):
encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET)
parser = etree.DefusedXMLParser(encoding=encoding) parser = etree.DefusedXMLParser(encoding=encoding)
try: try:
tree = etree.parse(stream, parser=parser) tree = etree.parse(stream, parser=parser, forbid_dtd=True)
except (etree.ParseError, ValueError) as exc: except (etree.ParseError, ValueError) as exc:
raise ParseError('XML parse error - %s' % six.u(exc)) raise ParseError('XML parse error - %s' % six.u(exc))
data = self._xml_convert(tree.getroot()) data = self._xml_convert(tree.getroot())