diff --git a/setup.py b/setup.py
index 8d39207..de96cae 100755
--- a/setup.py
+++ b/setup.py
@@ -18,6 +18,7 @@ install_requires = [
     'pytz',
     'pyOpenSSL',
     'python-dateutil',
+    'defusedxml',
     'six'
 ]
 
diff --git a/src/saml2/__init__.py b/src/saml2/__init__.py
index 6833d7e..b246caa 100644
--- a/src/saml2/__init__.py
+++ b/src/saml2/__init__.py
@@ -36,6 +36,7 @@ except ImportError:
         import cElementTree as ElementTree
     except ImportError:
         from elementtree import ElementTree
+import defusedxml.ElementTree
 
 root_logger = logging.getLogger(__name__)
 root_logger.level = logging.NOTSET
@@ -87,7 +88,7 @@ def create_class_from_xml_string(target_class, xml_string):
     """
     if not isinstance(xml_string, six.binary_type):
         xml_string = xml_string.encode('utf-8')
-    tree = ElementTree.fromstring(xml_string)
+    tree = defusedxml.ElementTree.fromstring(xml_string)
     return create_class_from_element_tree(target_class, tree)
 
 
@@ -269,7 +270,7 @@ class ExtensionElement(object):
 
 
 def extension_element_from_string(xml_string):
-    element_tree = ElementTree.fromstring(xml_string)
+    element_tree = defusedxml.ElementTree.fromstring(xml_string)
     return _extension_element_from_element_tree(element_tree)
 
 
diff --git a/src/saml2/pack.py b/src/saml2/pack.py
index e4c1462..728a516 100644
--- a/src/saml2/pack.py
+++ b/src/saml2/pack.py
@@ -37,6 +37,7 @@ except ImportError:
         import cElementTree as ElementTree
     except ImportError:
         from elementtree import ElementTree
+import defusedxml.ElementTree
 
 NAMESPACE = "http://schemas.xmlsoap.org/soap/envelope/"
 FORM_SPEC = """
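Review bot: The added `import defusedxml.ElementTree` in src/saml2/__init__.py sits directly after the three-way ElementTree fallback chain with nothing explaining why a second parser is being introduced, and the same unexplained import is added in src/saml2/pack.py. A one-line comment would stop a later maintainer from "simplifying" the call sites back to `ElementTree.fromstring`: `# Parse untrusted XML via defusedxml (entity-expansion / external-entity protections); the ElementTree picked above is still used to build and serialise trees.` Note also that defusedxml parses with the standard-library `xml.etree` module, so on the `cElementTree` / `elementtree` fallback paths the Element objects it returns may not be the same class the rest of this module builds with — worth confirming on the Python 2 configurations this file still supports.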
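Review bot: `defusedxml.ElementTree.fromstring` rejects hostile documents by raising `defusedxml.EntitiesForbidden`, `DTDForbidden` or `ExternalReferenceForbidden` (subclasses of `DefusedXmlException`, itself a `ValueError`) rather than `ElementTree.ParseError`, so any caller that catches only `ParseError` around `create_class_from_xml_string` will now let those exceptions escape; the `extension_element_from_string` hunk below has the same new failure mode. The docstring, which begins outside this hunk, should record it, e.g. add `:raises defusedxml.DefusedXmlException: if the document declares entities or external references (or a DTD, when forbidden)`. Since defusedxml leaves `forbid_dtd=False` by default, consider passing `forbid_dtd=True` if the SAML documents this library handles are never expected to carry a DTD. `create_class_from_xml_string` starts outside the hunk.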