Closed flupzor closed 5 years ago
This PR replaces the sax with the sax parser drop-in replacement from defusedxml, which guards against various XML vulnerabilities. I've also added a bunch of tests which test for XXE local/remote, quadratic blowup and billion laughs attacks.
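The attack classes named in the description, checked against a guarded SAX parser. This is an added example, not code from the PR or from defusedxml: it uses only the standard library as a stand-in for the guard, and `GuardedExpatParser`, `ForbiddenXML`, `verdict` and the sample documents are hypothetical names and constructed inputs.

```python
import io
from xml.sax.expatreader import ExpatParser
from xml.sax.handler import ContentHandler


class ForbiddenXML(ValueError):
    """The document used a construct the guarded parser refuses."""


class GuardedExpatParser(ExpatParser):
    """Stdlib SAX parser that refuses entity declarations and external refs."""

    def reset(self):
        super().reset()  # (re)creates self._parser, the pyexpat object
        self._parser.EntityDeclHandler = self._entity_decl
        self._parser.UnparsedEntityDeclHandler = self._unparsed_decl
        self._parser.ExternalEntityRefHandler = self._external_ref

    def _entity_decl(self, name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"{'external' if sysid else 'internal'} entity declaration: {name}")

    def _unparsed_decl(self, name, base, sysid, pubid, notation):
        raise ForbiddenXML(f"unparsed entity declaration: {name}")

    def _external_ref(self, context, base, sysid, pubid):
        raise ForbiddenXML(f"external reference: {sysid}")


# Constructed sample documents, one per attack class named in the PR.
SAMPLES = {
    "benign": b"<r>ok</r>",
    "billion_laughs": b'<!DOCTYPE r [<!ENTITY a "ha"><!ENTITY b "&a;&a;">]><r>&b;</r>',
    "quadratic_blowup": b'<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;&a;&a;</r>',
    "xxe_local": b'<!DOCTYPE r [<!ENTITY x SYSTEM "file:///placeholder">]><r>&x;</r>',
    "xxe_remote": b'<!DOCTYPE r [<!ENTITY x SYSTEM "http://example.invalid/x">]><r>&x;</r>',
}


def verdict(doc: bytes) -> str:
    chunks = []
    handler = ContentHandler()
    handler.characters = chunks.append  # collect text so a pass is visible
    parser = GuardedExpatParser()
    parser.setContentHandler(handler)
    try:
        parser.parse(io.BytesIO(doc))
    except ForbiddenXML as exc:
        return f"rejected: {exc}"
    return "accepted: " + "".join(chunks)
```

Each document is refused at its first entity declaration, before any expansion or fetch is attempted, so a regression test only needs to assert that the exception is raised.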