magpie.xml_util
Define a default XML parser that avoids XXE injection.
Package lxml
is employed directly even though some linters (e.g.: bandit
) report to employ defusedxml
instead, because that package’s extension with lxml
is marked as deprecated.
To use the module, import is as if importing lxml.etree
:
from weaver.xml_util import XML # ElementTree
from weaver import xml_util
data = xml_util.fromstring("<xml>content</xml>")
Functions
fromstring (→ XML)
|
Drop in replacement for lxml.etree.fromstring() using a secure XML parser. |
strip_namespace (→ None)
|
Strip the namespace component from all tags in the specified XML tree. |
Module Contents
-
magpie.xml_util.XML_PARSER[source]
-
magpie.xml_util.tostring[source]
-
magpie.xml_util.Element[source]
-
magpie.xml_util.ParseError[source]
-
magpie.xml_util.XML[source]
-
magpie.xml_util._lxml_fromstring[source]
-
magpie.xml_util.fromstring(text: str, parser: lxml.etree._FeedParser._FeedParser = XML_PARSER) → XML[source]
Drop in replacement for lxml.etree.fromstring()
using a secure XML parser.
-
magpie.xml_util.strip_namespace(tree: XML) → None[source]
Strip the namespace component from all tags in the specified XML tree.