Commit

Merge pull request #310 from mar10/pr/308
remove defusedxml.lxml
mar10 authored Mar 24, 2024
2 parents 1e35d0c + 571c492 commit 8be54c7
Showing 5 changed files with 6 additions and 10 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,7 @@
responses (default: false).
- #298: `--root` argument honors `fs_dav_provider` configuration.
- #301: `_DAVResource` should have `is_link()` method to avoid dir_browser issues.
- [#308](https://github.com/mar10/wsgidav/issues/308) remove defusedxml dependency

## 4.3.0 / 2023-09-24
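
Review bot: The new #308 entry says "remove defusedxml dependency", but this commit keeps `defusedxml` in `Pipfile`, `requirements.txt` and `docs/source/requirements.txt` and raises its version there. What goes away is the use of `defusedxml.lxml`, as the commit title says. I'd word the entry that way so readers don't conclude the package is no longer required.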

2 changes: 1 addition & 1 deletion Pipfile
Expand Up @@ -35,7 +35,7 @@ safety = "*"
yabs = "*"

[packages]
defusedxml = "*" # "~=0.5"
defusedxml = "*" # "~=0.7"
Jinja2 = "*" # "~=2.10"
PyYAML = "*" # "~=5.1"
json5 = "*"
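
Review bot: On the `defusedxml` line only the trailing comment moves from `# "~=0.5"` to `# "~=0.7"`; the effective specifier is still `"*"`, so a Pipenv install can resolve any defusedxml release while `requirements.txt` asks for `~=0.7.1`. If the 0.7 floor matters for the code change, put it in the specifier itself, e.g. `defusedxml = "~=0.7"`, or drop the comment so the two files don't appear to disagree.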
2 changes: 1 addition & 1 deletion docs/source/requirements.txt
@@ -1,5 +1,5 @@
# Requirements used by Sphinx / RTD
defusedxml~=0.5
defusedxml~=0.7.1
Jinja2~=3.0
json5~=0.8.5
python-pam~=2.0.2
2 changes: 1 addition & 1 deletion requirements.txt
@@ -1,4 +1,4 @@
defusedxml~=0.5
defusedxml~=0.7.1
Jinja2~=3.0
json5~=0.8.5
python-pam~=2.0
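
Review bot: Going from `defusedxml~=0.5` to `defusedxml~=0.7.1` on the first line changes more than the minimum version: with three components the compatible-release operator admits only 0.7.x, whereas `~=0.5` admitted any 0.x from 0.5 up. If only a floor is intended, `defusedxml>=0.7.1` or `defusedxml~=0.7` says that. The same applies to the identical change in `docs/source/requirements.txt`.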
9 changes: 2 additions & 7 deletions wsgidav/xml_tools.py
Expand Up @@ -17,16 +17,11 @@
# Import XML support
use_lxml = False
try:
# This import helps setup.py to include lxml completely:
# lxml with safe defaults
from defusedxml.lxml import _etree as etree
from lxml import _elementpath as _dummy_elementpath # noqa
from lxml import etree

use_lxml = True
_ElementType = etree._Element
except ImportError:
# warnings.warn("Could not import lxml") # , ImportWarning)
# Try xml module (Python 2.5 or later) with safe defaults
# defusedxml doesn't define these non-parsing related objects
from xml.etree.ElementTree import Element, SubElement, tostring
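
Review bot: The `try:` branch shows both `from defusedxml.lxml import _etree as etree` and `from lxml import etree`; going by the commit title the second replaces the first, so on the lxml path `etree` is now the plain lxml module and the comment `# lxml with safe defaults` no longer describes it. Nothing in this hunk puts an equivalent restriction in place, which means it has to be supplied at every parse call that runs when `use_lxml` is true. A one-line comment at the import stating where entity handling is now enforced would make that explicit for the next reader.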

Expand All @@ -49,7 +44,7 @@ def is_etree_element(obj):
def string_to_xml(text):
"""Convert XML string into etree.Element."""
try:
return etree.XML(text)
return etree.XML(text, forbid_entities=True)
except Exception:
# TODO:
# ExpatError: reference to invalid character number: line 1, column 62
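
Review bot: `forbid_entities` in `return etree.XML(text, forbid_entities=True)` is a defusedxml keyword; `lxml.etree.XML()` accepts only `text`, `parser` and `base_url`, so with the new `from lxml import etree` import this call raises `TypeError` whenever `use_lxml` is true. The `except Exception:` directly below will catch it, so the failure shows up as whatever that handler does rather than as a signature error. Branch on `use_lxml` and give lxml a restricted parser instead, e.g. `etree.XML(text, parser=etree.XMLParser(resolve_entities=False, no_network=True))`, and add a test that parses a small document on both import paths.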