Stefan Behnel added the comment: Michele, could you elaborate how you would exploit this issue as a security risk?
I mean, I can easily create a (non-)XML-document with control characters manually, and the parser would reject it. What part of the create-to-serialise process exactly is a problem here? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue18850> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com