Stefan Behnel added the comment: > I think the point here is clarifying whether xml expect text or just a byte > string. In case that's a stream of byte, I agree with you, is more a > "behaviour" problem.
XML is *defined* as a stream of bytes. Regarding the API side in ElementTree, Py2 accepts byte strings and Py3 requires Unicode strings. Py2 will not change in that regard, and I can't see this being a serious enough issue to change the ET-API there, so IMHO we can ignore Py2.x completely for this issue. (changing ticket accordingly) However, Py3 will happily write out control characters if they appear in the Unicode text string, so the issue is the same there. A fix for Py3 would be to add an input validation step, preferably at serialisation time. ---------- type: security -> enhancement versions: -Python 2.6, Python 2.7, Python 3.2, Python 3.3 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue18850> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com