mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-26 03:23:59 +03:00
Add forbid_dtd flag, since we don't need any DTDs.
This commit is contained in:
parent
dcee027fa9
commit
569c3a28e6
|
@ -152,7 +152,7 @@ class XMLParser(BaseParser):
|
|||
encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET)
|
||||
parser = etree.DefusedXMLParser(encoding=encoding)
|
||||
try:
|
||||
tree = etree.parse(stream, parser=parser)
|
||||
tree = etree.parse(stream, parser=parser, forbid_dtd=True)
|
||||
except (etree.ParseError, ValueError) as exc:
|
||||
raise ParseError('XML parse error - %s' % six.u(exc))
|
||||
data = self._xml_convert(tree.getroot())
|
||||
|
|
Loading…
Reference in New Issue
Block a user