Security 
========

XML Director itself is directly based on the ``Plone`` content management system
which counts as a very safe and secure CMS and has a great security record
for almost 15 years.

XML security
------------

XML Director tries its best to deal with attacks caused by XML data.  All
incoming data is parsed and verified against the most common XML attack vectors
like exponantial entity expansion or external entity expansion.  The XML
protection is based on the ``defusedxml`` module
(https://pypi.python.org/pypi/defusedxml).

Resources
---------

- https://en.wikipedia.org/wiki/Billion_laughs
- https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
- https://pypi.python.org/pypi/defusedxml