Only defuse stdlib through an env var

https://github.com/inducer/relate/issues/905
This commit is contained in:
mathieui 2022-03-18 23:58:37 +01:00
parent abd699593f
commit 41d733e77f

View file

@ -4,9 +4,13 @@
# This file is part of Slixmpp.
# See the file LICENSE for copying permission.
import logging
from os import getenv
logging.getLogger(__name__).addHandler(logging.NullHandler())
# Use defusedxml if available
# Use defusedxml if wanted
# Since enabling it can have adverse consequences for the programs using
# slixmpp, do not enable it by default.
if getenv('SLIXMPP_ENABLE_DEFUSEDXML', default='false').lower() == 'true':
try:
import defusedxml
defusedxml.defuse_stdlib()