magpie.xml_util

Define a default XML parser that avoids XXE injection.

Package lxml is employed directly even though some linters (e.g.: bandit) report to employ defusedxml instead, because that package’s extension with lxml is marked as deprecated.

To use the module, import is as if importing lxml.etree:

from weaver.xml_util import XML  # ElementTree
from weaver import xml_util

data = xml_util.fromstring("<xml>content</xml>")

Attributes

XML_PARSER

tostring

Element

ParseError

XML

_lxml_fromstring

Functions

fromstring(→ XML)

Drop in replacement for lxml.etree.fromstring() using a secure XML parser.

strip_namespace(→ None)

Strip the namespace component from all tags in the specified XML tree.

Module Contents

magpie.xml_util.XML_PARSER[source]
magpie.xml_util.tostring[source]
magpie.xml_util.Element[source]
magpie.xml_util.ParseError[source]
magpie.xml_util.XML[source]
magpie.xml_util._lxml_fromstring[source]
magpie.xml_util.fromstring(text: str, parser: lxml.etree._FeedParser._FeedParser = XML_PARSER) XML[source]

Drop in replacement for lxml.etree.fromstring() using a secure XML parser.

magpie.xml_util.strip_namespace(tree: XML) None[source]

Strip the namespace component from all tags in the specified XML tree.