42
from xml.dom import minidom
43
from xml.parsers import expat
45
from xml.sax import expatreader
42
46
from xml.sax import saxutils
44
48
from eventlet import event
567
571
return self.done.wait()
574
class ProtectedExpatParser(expatreader.ExpatParser):
575
"""An expat parser which disables DTD's and entities by default."""
577
def __init__(self, forbid_dtd=True, forbid_entities=True,
579
# Python 2.x old style class
580
expatreader.ExpatParser.__init__(self, *args, **kwargs)
581
self.forbid_dtd = forbid_dtd
582
self.forbid_entities = forbid_entities
584
def start_doctype_decl(self, name, sysid, pubid, has_internal_subset):
585
raise ValueError("Inline DTD forbidden")
587
def entity_decl(self, entityName, is_parameter_entity, value, base,
588
systemId, publicId, notationName):
589
raise ValueError("<!ENTITY> forbidden")
591
def unparsed_entity_decl(self, name, base, sysid, pubid, notation_name):
593
raise ValueError("<!ENTITY> forbidden")
596
expatreader.ExpatParser.reset(self)
598
self._parser.StartDoctypeDeclHandler = self.start_doctype_decl
599
if self.forbid_entities:
600
self._parser.EntityDeclHandler = self.entity_decl
601
self._parser.UnparsedEntityDeclHandler = self.unparsed_entity_decl
604
def safe_minidom_parse_string(xml_string):
605
"""Parse an XML string using minidom safely.
609
return minidom.parseString(xml_string, parser=ProtectedExpatParser())
610
except sax.SAXParseException as se:
611
raise expat.ExpatError()
570
614
def xhtml_escape(value):
571
615
"""Escapes a string so it is valid within XML or XHTML.