mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-26 11:33:59 +03:00
Add forbid_dtd flag, since we don't need any DTDs.
This commit is contained in:
parent
dcee027fa9
commit
569c3a28e6
|
@ -152,7 +152,7 @@ class XMLParser(BaseParser):
|
||||||
encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET)
|
encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET)
|
||||||
parser = etree.DefusedXMLParser(encoding=encoding)
|
parser = etree.DefusedXMLParser(encoding=encoding)
|
||||||
try:
|
try:
|
||||||
tree = etree.parse(stream, parser=parser)
|
tree = etree.parse(stream, parser=parser, forbid_dtd=True)
|
||||||
except (etree.ParseError, ValueError) as exc:
|
except (etree.ParseError, ValueError) as exc:
|
||||||
raise ParseError('XML parse error - %s' % six.u(exc))
|
raise ParseError('XML parse error - %s' % six.u(exc))
|
||||||
data = self._xml_convert(tree.getroot())
|
data = self._xml_convert(tree.getroot())
|
||||||
|
|
Loading…
Reference in New Issue
Block a user