Tag
lxml
Safeguard articles tagged "lxml" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Industry Analysis
XXE Prevention in Python with resolve_entities=False
Why lxml's XMLParser resolves external entities by default, how resolve_entities=False actually stops XXE, and where Python teams still leave file-read and SSRF paths open.
Oct 22, 20257 min read
Vulnerability Analysis
CVE-2021-43818: XSS bypass in lxml Cleaner
CVE-2021-43818 shows how crafted SVG markup could slip past lxml's Cleaner sanitizer and execute script in supposedly 'cleaned' HTML output.
Oct 2, 20258 min read
Vulnerability Analysis
CVE-2020-27783: Cross-site scripting bypass in lxml html ...
CVE-2020-27783 lets attackers bypass lxml's html.clean.Cleaner sanitizer to smuggle XSS past HTML cleaning. Here's what's affected and how to remediate it.
Oct 2, 20257 min read