Y
Hacker News
new
|
ask
|
show
|
jobs
by
masklinn
645 days ago
Note that this is not enabled by default, although there is an upper bound on tree size which does limit the reach of the issue.
See
https://lxml.de/FAQ.html#is-lxml-vulnerable-to-xml-bombs
for more about the tuning knobs.