We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent e4d4b2b commit 349a4bfCopy full SHA for 349a4bf
src/peppol_py/validation.py
@@ -28,6 +28,8 @@ def validate_peppol_document(
28
# only works with XSLT 1.0, and the Schematron is written in XSLT
29
# 2.0
30
with PySaxonProcessor(license=False) as proc:
31
+ # Prevent XXE: disallow access to any type of URL
32
+ proc.set_configuration_property("http://saxon.sf.net/feature/allowedProtocols", "")
33
for validation_xsl_file in schematron_xsls:
34
if not os.path.exists(validation_xsl_file):
35
# Resolve internal files
0 commit comments