Stefan Behnel added the comment:

Michele, could you elaborate how you would exploit this issue as a security 
risk?

I mean, I can easily create a (non-)XML-document with control characters 
manually, and the parser would reject it.

What part of the create-to-serialise process exactly is a problem here?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue18850>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to