Define a default XML parser that avoids XXE injection.
Package lxml is employed directly even though some linters (e.g.: bandit) report to employ defusedxml
instead, because that package’s extension with lxml is marked as deprecated.
To use the module, import is as if importing lxml.etree:
from weaver.xml_util import XML # ElementTree
from weaver import xml_util
data = xml_util.fromstring("<xml>content</xml>")
Module Contents
Functions
fromstring(→ XML)
|
Drop in replacement for lxml.etree.fromstring() using a secure XML parser. |
strip_namespace(→ None)
|
Strip the namespace component from all tags in the specified XML tree. |
Attributes
-
magpie.xml_util.XML_PARSER[source]
-
magpie.xml_util.tostring[source]
-
magpie.xml_util.Element[source]
-
magpie.xml_util.ParseError[source]
-
magpie.xml_util.XML[source]
-
magpie.xml_util._lxml_fromstring[source]
-
magpie.xml_util.fromstring(text: str, parser: lxml.etree._FeedParser._FeedParser = XML_PARSER) → XML[source]
Drop in replacement for lxml.etree.fromstring() using a secure XML parser.
-
magpie.xml_util.strip_namespace(tree: XML) → None[source]
Strip the namespace component from all tags in the specified XML tree.
