Open jkyeung opened 3 years ago
Hey @jkyeung, thank you for submitting this and bringing it to attention. Yes, I agree this would be a move toward better security and should not be difficult to implement. I'll have to spend a bit of time on understanding the package and ensuring all tests still work.
Hey @jkyeung, I took a deeper look at defusedxml and played around a bit; however, we are unable to add support for this library at the moment since it does not support ElementTree.register_namespace. A workaround would be a big overhaul at the moment and I was not able to gather how to go about registering a namespace using defusedxml.
Thank you for the suggestion, please let me know if you find anything out on this from your end.
I understand that being packaged as a single-file module with no external dependencies was an explicit goal of this project, and it's one that I support. However, now that it relies on ElementTree for parsing rather than on regular expressions, perhaps you would consider at least optionally making use of defusedxml if installed.
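An added example, not code from this project or from the thread's participants: one way to use defusedxml only when it is installed, parsing through it while still registering namespace prefixes with the standard library's `xml.etree.ElementTree.register_namespace`, whose registry is what `ET.tostring` consults when serializing. The function names, the `urn:example:sample` namespace and both sample documents are constructed for illustration, and it assumes the prefix is only needed at serialization time.

```python
import xml.etree.ElementTree as ET  # stdlib: namespace registry and serialization

try:
    # Optional hardening: defusedxml refuses entity declarations and
    # external references by default instead of expanding them.
    from defusedxml.ElementTree import fromstring as _fromstring
    from defusedxml.common import DefusedXmlException
    HAVE_DEFUSEDXML = True
except ImportError:
    # Single-file fallback: plain ElementTree, no extra dependency.
    _fromstring = ET.fromstring
    HAVE_DEFUSEDXML = False

    class DefusedXmlException(ValueError):
        """Stand-in so callers can catch one exception type either way."""


# Constructed sample documents.
SAMPLE = '<doc xmlns="urn:example:sample"><item>1</item></doc>'
ENTITY_DOC = '<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;</r>'


def parse_and_serialize(xml_text, prefix, uri):
    """Parse with the hardened parser if available, serialize with stdlib."""
    # The registry is global to xml.etree.ElementTree and is read by
    # ET.tostring, so it applies no matter which parser built the tree.
    ET.register_namespace(prefix, uri)
    root = _fromstring(xml_text)
    return ET.tostring(root, encoding="unicode")


def is_rejected(xml_text):
    """True if the active parser refuses the document as unsafe."""
    try:
        _fromstring(xml_text)
    except DefusedXmlException:
        return True
    return False


if __name__ == "__main__":
    print("defusedxml in use:", HAVE_DEFUSEDXML)
    print(parse_and_serialize(SAMPLE, "ex", "urn:example:sample"))
    print("entity document rejected:", is_rejected(ENTITY_DOC))
```

Without defusedxml installed the entity document is parsed and expanded as usual, so `is_rejected` returns `False` in that case.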