From ab431ea0b9a7357d968f1d1c5c614649e9aaf358 Mon Sep 17 00:00:00 2001 From: Stefan Behnel Date: Fri, 10 Apr 2026 10:13:03 +0200 Subject: [PATCH] LP#2146291: Set "resolve_entities='internal'" as default for all parser subclasses. --- src/lxml/iterparse.pxi | 10 ++++++---- src/lxml/parser.pxi | 6 +++--- 2 files changed, 9 insertions(+), 7 deletions(-) Index: lxml-5.4.0/src/lxml/iterparse.pxi =================================================================== --- lxml-5.4.0.orig/src/lxml/iterparse.pxi +++ lxml-5.4.0/src/lxml/iterparse.pxi @@ -6,7 +6,8 @@ cdef class iterparse: """iterparse(self, source, events=("end",), tag=None, \ attribute_defaults=False, dtd_validation=False, \ load_dtd=False, no_network=True, remove_blank_text=False, \ - remove_comments=False, remove_pis=False, encoding=None, \ + compact=True, resolve_entities='internal', remove_comments=False, \ + remove_pis=False, strip_cdata=True, encoding=None, \ html=False, recover=None, huge_tree=False, schema=None) Incremental parser. @@ -42,10 +43,11 @@ cdef class iterparse: - remove_blank_text: discard blank text nodes - remove_comments: discard comments - remove_pis: discard processing instructions - - strip_cdata: replace CDATA sections by normal text content (default: + - strip_cdata: replace CDATA sections by normal text content (default: True for XML, ignored otherwise) - compact: safe memory for short text content (default: True) - - resolve_entities: replace entities by their text value (default: True) + - resolve_entities: replace entities by their text value + (default: 'internal' only) - huge_tree: disable security restrictions and support very deep trees and very long text content (only affects libxml2 2.7+) - html: parse input as HTML (default: XML) @@ -68,7 +70,7 @@ cdef class iterparse: def __init__(self, source, events=("end",), *, tag=None, attribute_defaults=False, dtd_validation=False, load_dtd=False, no_network=True, remove_blank_text=False, - compact=True, resolve_entities=True, remove_comments=False, + compact=True, resolve_entities='internal', remove_comments=False, remove_pis=False, strip_cdata=True, encoding=None, html=False, recover=None, huge_tree=False, collect_ids=True, XMLSchema schema=None): Index: lxml-5.4.0/src/lxml/parser.pxi =================================================================== --- lxml-5.4.0.orig/src/lxml/parser.pxi +++ lxml-5.4.0/src/lxml/parser.pxi @@ -1550,7 +1550,7 @@ _XML_DEFAULT_PARSE_OPTIONS = ( ) cdef class XMLParser(_FeedParser): - """XMLParser(self, encoding=None, attribute_defaults=False, dtd_validation=False, load_dtd=False, no_network=True, ns_clean=False, recover=False, schema: XMLSchema =None, huge_tree=False, remove_blank_text=False, resolve_entities=True, remove_comments=False, remove_pis=False, strip_cdata=True, collect_ids=True, target=None, compact=True) + """XMLParser(self, encoding=None, attribute_defaults=False, dtd_validation=False, load_dtd=False, no_network=True, ns_clean=False, recover=False, schema: XMLSchema =None, huge_tree=False, remove_blank_text=False, resolve_entities='internal', remove_comments=False, remove_pis=False, strip_cdata=True, collect_ids=True, target=None, compact=True) The XML parser. @@ -1672,7 +1672,7 @@ cdef class ETCompatXMLParser(XMLParser): """ETCompatXMLParser(self, encoding=None, attribute_defaults=False, \ dtd_validation=False, load_dtd=False, no_network=True, \ ns_clean=False, recover=False, schema=None, \ - huge_tree=False, remove_blank_text=False, resolve_entities=True, \ + huge_tree=False, remove_blank_text=False, resolve_entities='internal', \ remove_comments=True, remove_pis=True, strip_cdata=True, \ target=None, compact=True) @@ -1686,7 +1686,7 @@ cdef class ETCompatXMLParser(XMLParser): def __init__(self, *, encoding=None, attribute_defaults=False, dtd_validation=False, load_dtd=False, no_network=True, ns_clean=False, recover=False, schema=None, - huge_tree=False, remove_blank_text=False, resolve_entities=True, + huge_tree=False, remove_blank_text=False, resolve_entities='internal', remove_comments=True, remove_pis=True, strip_cdata=True, target=None, compact=True): XMLParser.__init__(self,