Skip to content

agentine/xmlguard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.github
.github
 
 
src/xmlguard
src/xmlguard
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
PLAN.md
PLAN.md
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 
uv.lock
uv.lock
 
 

Repository files navigation

xmlguard

Secure XML processing for Python. Drop-in replacement for defusedxml.

Features

  • Safe wrappers for all stdlib XML parsers (ElementTree, minidom, SAX, pulldom, expat)
  • Blocks entity expansion bombs (Billion Laughs), XXE injection, DTD retrieval
  • Configurable limits for entity expansions, DTD depth, element depth, XML size
  • Zero runtime dependencies, Python 3.10+
  • Full type annotations (PEP 561)
  • defusedxml compatibility layer for zero-change migration

Installation

pip install xmlguard

Usage

from xmlguard.ElementTree import parse

# Safe by default — entities, external entities, and DTDs are blocked
tree = parse("data.xml")

License

MIT

About

Secure XML processing for Python — drop-in defusedxml replacement

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Mar 16, 2026

Packages

 
 
 

Contributors

Languages