replace xml parsers with defusedxml versions

requirements.txt

@@ -1,2 +1,3 @@
 numpy
 svgwrite
+defusedxml

svgpathtools/document.py

@@ -39,7 +39,7 @@ import os
 import collections
 import xml.etree.ElementTree as etree
 from xml.etree.ElementTree import Element, SubElement, register_namespace
-from xml.dom.minidom import parseString
+from defusedxml.minidom import parseString
 import warnings
 from tempfile import gettempdir
 from time import time

svgpathtools/paths2svg.py

@@ -8,7 +8,7 @@ from __future__ import division, absolute_import, print_function
 from math import ceil
 from os import path as os_path, makedirs
 from tempfile import gettempdir
-from xml.dom.minidom import parse as md_xml_parse
+from defusedxml.minidom import parse as md_xml_parse
 from svgwrite import Drawing, text as txt
 from time import time
 from warnings import warn

svgpathtools/svg_io_sax.py

@@ -5,7 +5,8 @@
 # External dependencies
 from __future__ import division, absolute_import, print_function
 import os
-from xml.etree.ElementTree import iterparse, Element, ElementTree, SubElement
+from xml.etree.ElementTree import Element, ElementTree, SubElement
+from defusedxml.cElementTree import iterparse
 
 # Internal dependencies
 from .parser import parse_path

svgpathtools/svg_to_paths.py

@@ -3,7 +3,7 @@ The main tool being the svg2paths() function."""
 
 # External dependencies
 from __future__ import division, absolute_import, print_function
-from xml.dom.minidom import parse
+from defusedxml.minidom import parse
 from os import path as os_path, getcwd
 import re
 
@@ -17,9 +17,11 @@ COORD_PAIR_TMPLT = re.compile(
     r'([\+-]?\d*[\.\d]\d*[eE][\+-]?\d+|[\+-]?\d*[\.\d]\d*)'
 )
 
+
 def path2pathd(path):
     return path.get('d', '')
 
+
 def ellipse2pathd(ellipse):
     """converts the parameters from an ellipse or a circle to a string for a 
     Path object d-attribute"""