weaver.xml_util
===============

.. py:module:: weaver.xml_util

.. autoapi-nested-parse::

   Define a default XML parser that avoids XXE injection.

   Package :mod:`lxml` is employed directly even though some linters (e.g.: ``bandit``) report to employ ``defusedxml``
   instead, because that package's extension with :mod:`lxml` is marked as deprecated.

   .. seealso::
       https://github.com/tiran/defusedxml/tree/main#defusedxmllxml

   To use the module, import is as if importing :mod:`lxml.etree`:

   .. code-block:: python

       from weaver.xml_util import XML  # ElementTree
       from weaver import xml_util

       data = xml_util.fromstring("<xml>content</xml>")







Module Contents
---------------

.. py:data:: XML_PARSER

.. py:data:: tostring

.. py:data:: Element

.. py:data:: ParseError

.. py:data:: XML

.. py:data:: XMLTree

.. py:data:: _lxml_fromstring

.. py:function:: fromstring(text: AnyStr, parser: lxml.etree.XMLParser = XML_PARSER) -> XML

.. py:function:: parse(source: Union[str, io.BufferedReader], parser: lxml.etree.XMLParser = XML_PARSER) -> XMLTree

.. py:data:: HTML

.. py:function:: _lxml_tree_parser_maker(**parser_kwargs: Any) -> lxml.etree.HTMLParser

   Generate the XML/HTML tree parser.

   Uses similar parameters as in :meth:`bs4.builder._lxml.LXMLTreeBuilderForXML.default_parser`,
   but overriding some other options to make it more secure.

   Without this modification, the builder is usually created using:

   .. code-block:: python

       etree.XMLParser(target=self, strip_cdata=False, recover=True, encoding=encoding)


.. py:data:: HTML_PARSER

.. py:data:: HTML_TREE_BUILDER

.. py:data:: LXML_TREE_BUILDER