diff --git a/requirements.txt b/requirements.txt index 2c3af04..2542875 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ numpy svgwrite +defusedxml \ No newline at end of file diff --git a/svgpathtools/document.py b/svgpathtools/document.py index f88f5ba..adf1c14 100644 --- a/svgpathtools/document.py +++ b/svgpathtools/document.py @@ -39,7 +39,7 @@ import os import collections import xml.etree.ElementTree as etree from xml.etree.ElementTree import Element, SubElement, register_namespace -from xml.dom.minidom import parseString +from defusedxml.minidom import parseString import warnings from tempfile import gettempdir from time import time diff --git a/svgpathtools/paths2svg.py b/svgpathtools/paths2svg.py index f9c461f..978d48a 100644 --- a/svgpathtools/paths2svg.py +++ b/svgpathtools/paths2svg.py @@ -8,7 +8,7 @@ from __future__ import division, absolute_import, print_function from math import ceil from os import path as os_path, makedirs from tempfile import gettempdir -from xml.dom.minidom import parse as md_xml_parse +from defusedxml.minidom import parse as md_xml_parse from svgwrite import Drawing, text as txt from time import time from warnings import warn diff --git a/svgpathtools/svg_io_sax.py b/svgpathtools/svg_io_sax.py index 413ce69..49e160f 100644 --- a/svgpathtools/svg_io_sax.py +++ b/svgpathtools/svg_io_sax.py @@ -5,7 +5,8 @@ # External dependencies from __future__ import division, absolute_import, print_function import os -from xml.etree.ElementTree import iterparse, Element, ElementTree, SubElement +from xml.etree.ElementTree import Element, ElementTree, SubElement +from defusedxml.cElementTree import iterparse # Internal dependencies from .parser import parse_path diff --git a/svgpathtools/svg_to_paths.py b/svgpathtools/svg_to_paths.py index 2dff80a..99173fb 100644 --- a/svgpathtools/svg_to_paths.py +++ b/svgpathtools/svg_to_paths.py @@ -3,7 +3,7 @@ The main tool being the svg2paths() function.""" # External dependencies from __future__ import division, absolute_import, print_function -from xml.dom.minidom import parse +from defusedxml.minidom import parse from os import path as os_path, getcwd import re @@ -17,9 +17,11 @@ COORD_PAIR_TMPLT = re.compile( r'([\+-]?\d*[\.\d]\d*[eE][\+-]?\d+|[\+-]?\d*[\.\d]\d*)' ) + def path2pathd(path): return path.get('d', '') + def ellipse2pathd(ellipse): """converts the parameters from an ellipse or a circle to a string for a Path object d-attribute"""