defusedxml 导致 xml.etree.ElementTree.Element 异常
source link: https://zhiqiang.org/coding/defusedxml-break-xml-etree-elementtree-element.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
defusedxml 导致 xml.etree.ElementTree.Element 异常
在升级 django-wiki 后, Python 的 markdown 库里爆出来一个错误:
SubElement() argument 1 must be xml.etree.ElementTree.Element, not Element
仔细看 markdown 库的源代码,没有查出任何问题。在 stackoverflow 上查到一个诡异的说法:
ElementTree in its C version is very picky about the exact class that is being passed in. So that if the elements come from a file loading the python version of ElementTree, you can't insert them in your ElementTree. Even if they're both loading the C-version of ElementTree (cElementTree before Python 3.3), if they're not loading from the same binary file (one is inside the virtual environment, one is outside, for instance), then this message appears (formerly the even more cryptic argument 1 must be Element, not Element message).
但他也没说怎么解决。继续查找,发现 defusedxml 的一个问题defusedxml.ElementTree breaks the xml.etree.ElementTree package,尝试升级 defusedxml 库后,问题解决。
defusedxml 库用来解决 XML 的安全性问题( Python 自带的 xml.etree.ElementTree 模块对于恶意构建的数据是不安全的),没想到自己引入这么大的问题。
Q. E. D.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK