Skip to content

Commit

Permalink
Merge branch 'fix-xxe'
Browse files Browse the repository at this point in the history
  • Loading branch information
@aerkalov
aerkalov committed Jun 18, 2022
2 parents 10005a2 + f5f8e7c commit d4febc0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ebooklib/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ def debug(obj):


def parse_string(s):
parser = etree.XMLParser(recover=True)
parser = etree.XMLParser(recover=True, resolve_entities=False)
try:
tree = etree.parse(io.BytesIO(s.encode('utf-8')) , parser=parser)
except:
Expand Down

1 comment on commit d4febc0

@mdbraber
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aerkalov could it be this change has not propagated to PyPi? When doing pip install ebooklib I had to manually add this fix to get it to work

Please sign in to comment.