On Fri, Jul 17, 2015 at 4:23 AM, Joonas Liik <liik.joo...@gmail.com> wrote:
> On 16 July 2015 at 20:49, Chris Angelico <ros...@gmail.com> wrote:
>>
>> This sounds like a denial-of-service attack. If you can state that no
>> reasonable document will ever have more than 100 levels of nesting,
>> then you can equally state that cutting the parser off with a tidy
>> exception if it exceeds 100 levels is safe.
>>
> This particular example does have that kind of smell.. my bad for
> being careless with examples.
>
> what if it's not a ddos tho, maybe it's just strange data?
>

That's why you're allowed to change the default limit either
direction. If you're guarding against a DOS, you can crank it down; if
you're working with something where 1000 stack entries isn't
unreasonable, you can crank it up. I honestly don't know what you'd
want to do if 5000+ stack entries isn't enough, but if you're working
with something *that* deeply nested, you probably know a lot more
about what you're doing than I ever will. Maybe you could recompile
CPython with a bigger stack? Give Jython or PyPy a try? No idea. But
I'm sure it'd be possible somehow.

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list
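
The depth cap discussed in this message (a tidy exception past 100 levels, with a limit that can be turned down or up), as an added example that is not part of the original thread. It assumes the document is JSON; NestingTooDeep, check_depth, safe_loads and max_depth are names made up for the illustration.

```python
import json


class NestingTooDeep(ValueError):
    """Input nests deeper than the caller is willing to parse."""


def check_depth(text, max_depth=100):
    """Return the deepest [ / { nesting in JSON text, without recursing.

    Raises NestingTooDeep at the first bracket past max_depth, so a
    hostile document is rejected before the real parser ever sees it.
    """
    depth = deepest = 0
    in_string = escaped = False
    for pos, ch in enumerate(text):
        if in_string:                      # brackets inside strings don't nest
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
            if depth > max_depth:
                raise NestingTooDeep(
                    f"more than {max_depth} levels of nesting at offset {pos}")
        elif ch in "]}":
            depth -= 1
    return deepest


def safe_loads(text, max_depth=100):
    """json.loads with a tunable depth cap (max_depth is a made-up knob)."""
    check_depth(text, max_depth)
    try:
        return json.loads(text)
    except RecursionError as exc:          # cap raised past what the stack allows
        raise NestingTooDeep("interpreter recursion limit reached") from exc
```

Lowering max_depth is the DoS guard; raising it admits the "strange data" case, up to the point where the interpreter's own stack limit takes over.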