diff --git a/Doc/library/pyexpat.rst b/Doc/library/pyexpat.rst index 9aae5c9da7471d..50760a17603f22 100644 --- a/Doc/library/pyexpat.rst +++ b/Doc/library/pyexpat.rst @@ -223,10 +223,12 @@ XMLParser Objects Calling ``SetReparseDeferralEnabled(True)`` allows re-enabling reparse deferral. - Note that :meth:`SetReparseDeferralEnabled` has been backported to some - prior releases of CPython as a security fix. Check for availability of - :meth:`SetReparseDeferralEnabled` using :func:`hasattr` if used in code - running across a variety of Python versions. + Note that :meth:`!SetReparseDeferralEnabled` + has been backported to some prior releases of CPython as a security fix. + Check for availability of + :meth:`!SetReparseDeferralEnabled` + using :func:`hasattr` if used in code running across a variety of Python + versions. .. versionadded:: 3.13 @@ -257,11 +259,19 @@ against some common XML vulnerabilities. The corresponding :attr:`~ExpatError.lineno` and :attr:`~ExpatError.offset` should not be used as they may have no special meaning. + Note that :meth:`!SetBillionLaughsAttackProtectionActivationThreshold` + has been backported to some prior releases of CPython as a security fix. + Check for availability of + :meth:`!SetBillionLaughsAttackProtectionActivationThreshold` + using :func:`hasattr` if used in code running across a variety of Python + versions. + .. note:: Activation thresholds below 4 MiB are known to break support for DITA 1.3 payload and are hence not recommended. + .. versionadded:: next .. method:: xmlparser.SetBillionLaughsAttackProtectionMaximumAmplification(max_factor, /) @@ -288,6 +298,13 @@ against some common XML vulnerabilities. The corresponding :attr:`~ExpatError.lineno` and :attr:`~ExpatError.offset` should not be used as they may have no special meaning. + Note that :meth:`!SetBillionLaughsAttackProtectionMaximumAmplification` + has been backported to some prior releases of CPython as a security fix. + Check for availability of + :meth:`!SetBillionLaughsAttackProtectionMaximumAmplification` + using :func:`hasattr` if used in code running across a variety of Python + versions. + .. note:: The maximum amplification factor is only considered if the threshold @@ -309,6 +326,13 @@ against some common XML vulnerabilities. The corresponding :attr:`~ExpatError.lineno` and :attr:`~ExpatError.offset` should not be used as they may have no special meaning. + Note that :meth:`!SetAllocTrackerActivationThreshold` + has been backported to some prior releases of CPython as a security fix. + Check for availability of + :meth:`!SetAllocTrackerActivationThreshold` + using :func:`hasattr` if used in code running across a variety of Python + versions. + .. versionadded:: next .. method:: xmlparser.SetAllocTrackerMaximumAmplification(max_factor, /) @@ -334,6 +358,13 @@ against some common XML vulnerabilities. The corresponding :attr:`~ExpatError.lineno` and :attr:`~ExpatError.offset` should not be used as they may have no special meaning. + Note that :meth:`!SetAllocTrackerMaximumAmplification` + has been backported to some prior releases of CPython as a security fix. + Check for availability of + :meth:`!SetAllocTrackerMaximumAmplification` + using :func:`hasattr` if used in code running across a variety of Python + versions. + .. note:: The maximum amplification factor is only considered if the threshold diff --git a/Doc/library/xml.etree.elementtree.rst b/Doc/library/xml.etree.elementtree.rst index 00075ac2a23e6b..5bdfac58ef8ab3 100644 --- a/Doc/library/xml.etree.elementtree.rst +++ b/Doc/library/xml.etree.elementtree.rst @@ -1398,8 +1398,10 @@ XMLParser Objects Disabling reparse deferral has security consequences; please see :meth:`xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` for details. - Note that :meth:`flush` has been backported to some prior releases of - CPython as a security fix. Check for availability of :meth:`flush` + Note that :meth:`!flush` + has been backported to some prior releases of CPython as a security fix. + Check for availability of + :meth:`!flush` using :func:`hasattr` if used in code running across a variety of Python versions. @@ -1476,8 +1478,10 @@ XMLPullParser Objects Disabling reparse deferral has security consequences; please see :meth:`xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` for details. - Note that :meth:`flush` has been backported to some prior releases of - CPython as a security fix. Check for availability of :meth:`flush` + Note that :meth:`!flush` + has been backported to some prior releases of CPython as a security fix. + Check for availability of + :meth:`!flush` using :func:`hasattr` if used in code running across a variety of Python versions.