Reputation: 3518
Is html5lib vunerable to malicious input?
Python's XML Processing Modules documentation lists vulnerabilities in its XML processing modules. I would assume that html5lib is not similarly vulnerable to malicious input as it follows the HTML5 spec (unknown bugs aside), but I hate making assumptions and I can't find discussion of potential security issues.
So are there any security issues I should be aware of? Or is it safe to use it to parse maliciously constructed html?
Upvotes: 0
Views: 98
Answers (1)
Reputation: 5692
The short answer is no (at least that anyone is aware of) — the XML attacks take advantage of "features" of XML that don't exist in HTML. (Technically, "decompression bombs" apply to almost any formats, and aren't really attacks on XML — they're attacks on decompressors.)
Upvotes: 2
Related Questions
- Using python with HTML
- Python: Safely render user entered html code
- get ''expected-doctype-but-got-chars " error when i use html5lib of python?
- Can't open html5lib in Python
- html5lib. How to get valid html without adding html, head and body tags?
- How safe are the new HTML5 input tags
- html5lib returns <None>
- What is going on with this html5lib script?
- Remove a bad tag completely with html5lib.sanitizer
- does python BaseHttpServer support Html5?