[lxml-dev] Network downloading of schemas should be off by default?
Stefan Behnel
stefan_ml at behnel.de
Sun Jun 3 18:24:16 CEST 2007
Hi,
Itamar Shtull-Trauring wrote:
> Right now, AFAICT, is is on by default in lxml.etree.XMLParser. Network
> queries by library code are a bad idea: it's an unexpected behavior,
> causing potential security risk and guaranteed performance problems.
It's straight forward to switch it off, but I agree that it would be good to
have it disabled by default. Loading DTDs is off by default also, so that fits.
We should change the default behaviour for 2.0.
Stefan
More information about the lxml-dev
mailing list