[refs #95885] Document XML attack protection

eea · Jun 13, 2018 · c8caa94 · c8caa94
1 parent b06ce3a
commit c8caa94
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/search/management/commands/load_metadata.py b/search/management/commands/load_metadata.py
@@ -101,5 +101,7 @@ def handle(self, *args, **options):
                         f'Processed {len(records)} rows from sheet "{sheet.name}"'
                     )
                 )
+        # Disallow XML with <!ENTITY> declarations inside the DTD
+        # (https://github.com/python-excel/xlrd/issues/173)
         except defusedxml.EntitiesForbidden:
             self.stdout.write(self.style.ERROR('Please use a xlsx file without XEE'))