diff options
| author | Tom Christie | 2013-02-22 19:41:09 +0000 |
|---|---|---|
| committer | Tom Christie | 2013-02-22 19:41:09 +0000 |
| commit | 569c3a28e662ccef251acc6494047ec9c83556c2 (patch) | |
| tree | c89979b38164bfc7df838a15f9ee4f8e9459217d /rest_framework/parsers.py | |
| parent | dcee027fa97f015ff3b87f0fd72b7995cdd6e155 (diff) | |
| download | django-rest-framework-569c3a28e662ccef251acc6494047ec9c83556c2.tar.bz2 | |
Add forbid_dtd flag, since we don't need any DTDs.
Diffstat (limited to 'rest_framework/parsers.py')
| -rw-r--r-- | rest_framework/parsers.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index 7bbb5f94..491acd68 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -152,7 +152,7 @@ class XMLParser(BaseParser): encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) parser = etree.DefusedXMLParser(encoding=encoding) try: - tree = etree.parse(stream, parser=parser) + tree = etree.parse(stream, parser=parser, forbid_dtd=True) except (etree.ParseError, ValueError) as exc: raise ParseError('XML parse error - %s' % six.u(exc)) data = self._xml_convert(tree.getroot()) |