merge with 3.3

2013-10-12 18:19:48 +02:00 · 2013-10-12 18:19:48 +02:00 · 32b2c62db4
parent 42840f017d 57f936ecde
commit 32b2c62db4
1 changed files with 7 additions and 5 deletions
--- a/Doc/library/xml.rst
+++ b/Doc/library/xml.rst
@ -53,15 +53,17 @@ access local files, to generate network connections to other machines, or
 to or circumvent firewalls. The attacks on XML abuse unfamiliar features
 like inline `DTD`_ (document type definition) with entities.
 The following table gives an overview of the known attacks and if the various
 modules are vulnerable to them.
 =========================  ========  =========  =========  ========  =========
 kind                       sax       etree      minidom    pulldom   xmlrpc
 =========================  ========  =========  =========  ========  =========
-billion laughs             **True**  **True**   **True**   **True**  **True**
+billion laughs             **Yes**   **Yes**    **Yes**    **Yes**   **Yes**
-quadratic blowup           **True**  **True**   **True**   **True**  **True**
+quadratic blowup           **Yes**   **Yes**    **Yes**    **Yes**   **Yes**
-external entity expansion  **True**  False (1)  False (2)  **True**  False (3)
+external entity expansion  **Yes**   No    (1)  No    (2)  **Yes**   No    (3)
-DTD retrieval              **True**  False      False      **True**  False
+DTD retrieval              **Yes**   No         No         **Yes**   No
-decompression bomb         False     False      False      False     **True**
+decompression bomb         No        No         No         No        **Yes**
 =========================  ========  =========  =========  ========  =========
 1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a