Skip to content

Commit f191830

Browse files
RAPTOR7762RAPTOR7762
authored
Update deserializer.py
1 parent bdeed3e commit f191830

File tree

1 file changed

+11
-1
lines changed

1 file changed

+11
-1
lines changed

pklxml/deserializer.py

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,17 @@
11
from lxml import etree
22

3+
def secureParser():
4+
return etree.XMLParser(
5+
resolve_entities=False,
6+
no_network=True,
7+
dtd_validation=False,
8+
load_dtd=False,
9+
huge_tree=False
10+
)
11+
312
def load(file_path):
4-
tree = etree.parse(file_path)
13+
parser = secureParser()
14+
tree = etree.parse(file_path, parser) # parse the file using secure parser
515
return _deserialize(tree.getroot())
616

717
def _deserialize(element):

0 commit comments

Comments
 (0)