DefusedXML

0.7.1 · active · verified Sun Oct 01

DefusedXML provides XML bomb protection for Python standard library modules, currently at version 0.7.1. The library aims to prevent denial of service attacks by handling malicious XML documents safely.

Quickstart

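Parse XML with defusedxml in place of the standard library parser to prevent XXE attacks. The sample document below declares an external entity; defusedxml raises an exception instead of resolving it.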

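from defusedxml import EntitiesForbidden
from defusedxml.ElementTree import fromstring

# Document that declares an external entity pointing at a local file.
xml_data = '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xxe;</foo>'
try:
    root = fromstring(xml_data)
    print(root)
except EntitiesForbidden as e:
    # The entity declaration is refused, so the file is never read.
    print(str(e))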
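The quickstart covers one rejected document. The added example below (not from this page or the defusedxml project) goes further and maps each defusedxml exception to an outcome, including the entity-expansion ("XML bomb") case from the description and the stricter `forbid_dtd=True` mode. The sample documents and the `classify` helper are constructed for illustration.

```python
from defusedxml import DTDForbidden, EntitiesForbidden, ExternalReferenceForbidden
from defusedxml.ElementTree import ParseError, fromstring

# Constructed sample documents (hypothetical, not taken from the page).
BENIGN = "<order><id>42</id></order>"
# Nested internal entities: the small-scale shape of an entity-expansion bomb.
NESTED_ENTITIES = (
    '<!DOCTYPE d [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
    "<d>&b;</d>"
)
# A DTD with no entities: accepted by default, refused when forbid_dtd=True.
PLAIN_DTD = "<!DOCTYPE note [<!ELEMENT note (#PCDATA)>]><note>hi</note>"
MALFORMED = "<order><id>42</order>"


def classify(xml_text, forbid_dtd=False):
    """Parse untrusted XML and report why it was accepted or refused."""
    try:
        root = fromstring(xml_text, forbid_dtd=forbid_dtd)
    except DTDForbidden:
        return "rejected: dtd"
    except EntitiesForbidden as exc:
        # exc.name is the first entity declaration the parser encountered.
        return "rejected: entity " + exc.name
    except ExternalReferenceForbidden:
        return "rejected: external reference"
    except ParseError:
        # Ordinary well-formedness error, unrelated to the protections.
        return "malformed"
    return "ok: " + root.tag


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("nested", NESTED_ENTITIES),
                       ("plain dtd", PLAIN_DTD), ("malformed", MALFORMED)]:
        print(label, "->", classify(doc))
    print("plain dtd, forbid_dtd=True ->", classify(PLAIN_DTD, forbid_dtd=True))
```

Handling the defusedxml exceptions separately from `ParseError` lets a service log rejected documents as security events rather than as plain input errors.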
