From ab431ea0b9a7357d968f1d1c5c614649e9aaf358 Mon Sep 17 00:00:00 2001 From: Stefan Behnel Date: Fri, 10 Apr 2026 10:13:03 +0200 Subject: [PATCH] LP#2146291: Set "resolve_entities='internal'" as default for all parser subclasses. --- src/lxml/iterparse.pxi | 10 ++++++---- src/lxml/parser.pxi | 6 +++--- 2 files changed, 9 insertions(+), 7 deletions(-) Index: lxml-4.9.3/src/lxml/iterparse.pxi =================================================================== --- lxml-4.9.3.orig/src/lxml/iterparse.pxi +++ lxml-4.9.3/src/lxml/iterparse.pxi @@ -6,7 +6,8 @@ cdef class iterparse: u"""iterparse(self, source, events=("end",), tag=None, \ attribute_defaults=False, dtd_validation=False, \ load_dtd=False, no_network=True, remove_blank_text=False, \ - remove_comments=False, remove_pis=False, encoding=None, \ + compact=True, resolve_entities='internal', remove_comments=False, \ + remove_pis=False, strip_cdata=True, encoding=None, \ html=False, recover=None, huge_tree=False, schema=None) Incremental parser. @@ -44,7 +45,8 @@ cdef class iterparse: - remove_pis: discard processing instructions - strip_cdata: replace CDATA sections by normal text content (default: True) - compact: safe memory for short text content (default: True) - - resolve_entities: replace entities by their text value (default: True) + - resolve_entities: replace entities by their text value + (default: 'internal' only) - huge_tree: disable security restrictions and support very deep trees and very long text content (only affects libxml2 2.7+) - html: parse input as HTML (default: XML) @@ -67,7 +69,7 @@ cdef class iterparse: def __init__(self, source, events=(u"end",), *, tag=None, attribute_defaults=False, dtd_validation=False, load_dtd=False, no_network=True, remove_blank_text=False, - compact=True, resolve_entities=True, remove_comments=False, + compact=True, resolve_entities='internal', remove_comments=False, remove_pis=False, strip_cdata=True, encoding=None, html=False, recover=None, huge_tree=False, collect_ids=True, XMLSchema schema=None): Index: lxml-4.9.3/src/lxml/parser.pxi =================================================================== --- lxml-4.9.3.orig/src/lxml/parser.pxi +++ lxml-4.9.3/src/lxml/parser.pxi @@ -1535,7 +1535,7 @@ _XML_DEFAULT_PARSE_OPTIONS = ( ) cdef class XMLParser(_FeedParser): - u"""XMLParser(self, encoding=None, attribute_defaults=False, dtd_validation=False, load_dtd=False, no_network=True, ns_clean=False, recover=False, schema: XMLSchema =None, huge_tree=False, remove_blank_text=False, resolve_entities=True, remove_comments=False, remove_pis=False, strip_cdata=True, collect_ids=True, target=None, compact=True) + u"""XMLParser(self, encoding=None, attribute_defaults=False, dtd_validation=False, load_dtd=False, no_network=True, ns_clean=False, recover=False, schema: XMLSchema =None, huge_tree=False, remove_blank_text=False, resolve_entities='internal', remove_comments=False, remove_pis=False, strip_cdata=True, collect_ids=True, target=None, compact=True) The XML parser. @@ -1657,7 +1657,7 @@ cdef class ETCompatXMLParser(XMLParser): u"""ETCompatXMLParser(self, encoding=None, attribute_defaults=False, \ dtd_validation=False, load_dtd=False, no_network=True, \ ns_clean=False, recover=False, schema=None, \ - huge_tree=False, remove_blank_text=False, resolve_entities=True, \ + huge_tree=False, remove_blank_text=False, resolve_entities='internal', \ remove_comments=True, remove_pis=True, strip_cdata=True, \ target=None, compact=True) @@ -1671,7 +1671,7 @@ cdef class ETCompatXMLParser(XMLParser): def __init__(self, *, encoding=None, attribute_defaults=False, dtd_validation=False, load_dtd=False, no_network=True, ns_clean=False, recover=False, schema=None, - huge_tree=False, remove_blank_text=False, resolve_entities=True, + huge_tree=False, remove_blank_text=False, resolve_entities='internal', remove_comments=True, remove_pis=True, strip_cdata=True, target=None, compact=True): XMLParser.__init__(self,