magpie.xml_util
===============

.. py:module:: magpie.xml_util

.. autoapi-nested-parse::

   Define a default XML parser that avoids XXE injection.

   Package :mod:`lxml` is employed directly even though some linters (e.g.: ``bandit``) report to employ ``defusedxml``
   instead, because that package's extension with ``lxml`` is marked as deprecated.

   .. seealso::
       https://github.com/tiran/defusedxml#defusedxmllxml

   To use the module, import is as if importing ``lxml.etree``:

   .. code-block:: python

       from weaver.xml_util import XML  # ElementTree
       from weaver import xml_util

       data = xml_util.fromstring("<xml>content</xml>")



Attributes
----------

.. autoapisummary::

   magpie.xml_util.XML_PARSER
   magpie.xml_util.tostring
   magpie.xml_util.Element
   magpie.xml_util.ParseError
   magpie.xml_util.XML
   magpie.xml_util._lxml_fromstring


Functions
---------

.. autoapisummary::

   magpie.xml_util.fromstring
   magpie.xml_util.strip_namespace


Module Contents
---------------

.. py:data:: XML_PARSER

.. py:data:: tostring

.. py:data:: Element

.. py:data:: ParseError

.. py:data:: XML

.. py:data:: _lxml_fromstring

.. py:function:: fromstring(text: str, parser: lxml.etree._FeedParser._FeedParser = XML_PARSER) -> XML

   Drop in replacement for :func:`lxml.etree.fromstring` using a secure :term:`XML` parser.


.. py:function:: strip_namespace(tree: XML) -> None

   Strip the namespace component from all tags in the specified :term:`XML` tree.