Debian Patches

Status for python-xmltodict/0.13.0-1.1~deb13u1

Patch Description Author Forwarded Bugs Origin Last update
0001-Prevent-XML-injection-reject-in-element-attr-names-i.patch Prevent XML injection: reject '<'/'>' in element/attr names (incl. @xmlns)

* Add tests for tag names, attribute names, and @xmlns prefixes; confirm attr values are escaped.
Martin Blech <78768+martinblech@users.noreply.github.com> no 2025-09-04
0002-Enhance-unparse-XML-name-validation-with-stricter-ru.patch Enhance unparse() XML name validation with stricter rules and tests
Extend existing validation (previously only for "<" and ">") to also
reject element, attribute, and xmlns prefix names that are non-string,
start with "?" or "!", or contain "/", spaces, tabs, or newlines.
Update _emit and namespace handling to use _validate_name. Add tests
covering these new invalid name cases.
Martin Blech <78768+martinblech@users.noreply.github.com> no 2025-09-08
0003-Harden-XML-name-validation-reject-quotes-and-add-tes.patch Harden XML name validation: reject quotes and '='; add tests Martin Blech <78768+martinblech@users.noreply.github.com> no 2025-09-08

All known versions for source package 'python-xmltodict'

Links