[issue20237] Ambiguous sentence in document of xml package.

A.M. Kuchling added the comment: I applied Fran Bull's change; thanks for the patch! The vulnerabilities section had several grammar issues, so I made an editing pass over it and made various other changes in my commit. -- nosy: +akuchling stage: -> committed/rejected status: open ->

[issue20237] Ambiguous sentence in document of xml package.

Roundup Robot added the comment: New changeset 1c93895c32d8 by Andrew Kuchling in branch '3.3': #20237: make a revision pass over the XML vulnerabilities section http://hg.python.org/cpython/rev/1c93895c32d8 -- nosy: +python-dev ___ Python tracker

[issue20237] Ambiguous sentence in document of xml package.

Terry J. Reedy added the comment: I took the sentence to mean 1) more that 2). I agree that it should be revised. -- nosy: +terry.reedy versions: -Python 3.2 ___ Python tracker

[issue20237] Ambiguous sentence in document of xml package.

R. David Murray added the comment: Actually, I think it means that the defusedxml documentation tells you what to do to protect yourself from various attack vectors, which pretty much amounts to importing certain functions from defusedxml and using them instead of the stdlib versions. Your pa

[issue20237] Ambiguous sentence in document of xml package.

Fran Bull added the comment: I think the sentence either means: 1) The courses of action that defusedxml implements are those recommended for any server code that parses untrusted XML data. or 2) Using defused XML is recommended for any server code that parses untrusted XML data. And I thin

[issue20237] Ambiguous sentence in document of xml package.

R. David Murray added the comment: s/courses of action/kinds of actions/ in my explanation, otherwise it might be just as confusing :) -- ___ Python tracker ___

[issue20237] Ambiguous sentence in document of xml package.

R. David Murray added the comment: It means that the package suggests what courses of action to take when parsing untrusted data. I don't know how it goes about doing that, though, so we'll have to ask Christian to clarify. -- assignee: docs@python -> nosy: +christian.heimes, r.david

[issue20237] Ambiguous sentence in document of xml package.

New submission from INADA Naoki: http://docs.python.org/3.3/library/xml.html#defused-packages "The courses of action are recommended for any server code that parses untrusted XML data." What this sentence means? What "The courses" is? -- assignee: docs@python components: Documentation