On Thu, Oct 26, 2017 at 2:18 PM, Daniel P. Berrange wrote:
> The XML_PARSE_NOENT flag to libxml will cause it to expand all entities in the
> input XML document when parsing. Doing this is bad practice if the XML input
> file comes from an untrusted source, because it can cause the XML parser to
The XML_PARSE_NOENT flag to libxml will cause it to expand all entities in the
input XML document when parsing. Doing this is bad practice if the XML input
file comes from an untrusted source, because it can cause the XML parser to load
arbitrary files that are readable by the user running XML pars
