aboutsummaryrefslogtreecommitdiffstats
path: root/rest_framework/parsers.py
diff options
context:
space:
mode:
Diffstat (limited to 'rest_framework/parsers.py')
-rw-r--r--rest_framework/parsers.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py
index 7bbb5f94..491acd68 100644
--- a/rest_framework/parsers.py
+++ b/rest_framework/parsers.py
@@ -152,7 +152,7 @@ class XMLParser(BaseParser):
encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET)
parser = etree.DefusedXMLParser(encoding=encoding)
try:
- tree = etree.parse(stream, parser=parser)
+ tree = etree.parse(stream, parser=parser, forbid_dtd=True)
except (etree.ParseError, ValueError) as exc:
raise ParseError('XML parse error - %s' % six.u(exc))
data = self._xml_convert(tree.getroot())
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 23:14:23 +0000