# Safe: lxml.etree.parse is XXE-safe by default in modern lxml (5.0 and
# later, where `resolve_entities` defaults to 'internal'; earlier releases
# defaulted to True) — external entities are not resolved unless
# `XMLParser(resolve_entities=True)` is passed in. No XXE rule should fire here.
import lxml.etree
from flask import request
def handle():
    """Parse the source named by the ``xml`` query parameter with lxml defaults.

    Fixture for the XXE rule: no custom ``XMLParser`` is supplied, so the
    call runs with lxml's default parser settings and is expected to
    produce no XXE finding.

    Returns:
        Whatever ``lxml.etree.parse`` returns for the request-supplied value.
    """
    # NOTE(review): lxml.etree.parse() takes a source (file name, file-like
    # object or URL), not XML text, so the caller chooses what gets opened.
    # That is a path/URL-control concern separate from XXE; a real handler
    # should parse the submitted bytes instead or allow-list the source.
    source = request.args.get("xml")
    return lxml.etree.parse(source)