lxml-4.4.0 (python module)

[Bruce Dubbs]

New minor version.

[Bruce Dubbs]

lxml changelog

4.4.0 (2019-07-27)

Features added

• Element.clear() accepts a new keyword argument keep_tail=True to clear everything but the tail text. This is helpful in some document-style use cases.

• When creating attributes or namespaces from a dict in Python 3.6+, lxml now preserves the original insertion order of that dict, instead of always sorting the items by name. A similar change was made for ElementTree in CPython 3.8. See ​https://bugs.python.org/issue34160

• Integer elements in lxml.objectify implement the index() special method.

• GH269: Read-only elements in XSLT were missing the nsmap property. Original patch by Jan Pazdziora.

• ElementInclude can now restrict the maximum inclusion depth via a max_depth argument to prevent content explosion. It is limited to 6 by default.

• The target object of the XMLParser can have start_ns() and end_ns() callback methods to listen to namespace declarations.

• The TreeBuilder has new arguments comment_factory and pi_factory to pass factories for creating comments and processing instructions, as well as flag arguments insert_comments and insert_pis to discard them from the tree when set to false.

• A C14N 2.0 <​https://www.w3.org/TR/xml-c14n2/>_ implementation was added as etree.canonicalize(), a corresponding C14NWriterTarget class, and a c14n2 serialisation method.

Bugs fixed

• When writing to file paths that contain the URL escape character '%', the file path could wrongly be mangled by URL unescaping and thus write to a different file or directory. Code that writes to file paths that are provided by untrusted sources, but that must work with previous versions of lxml, should best either reject paths that contain '%' characters, or otherwise make sure that the path does not contain maliciously injected '%XX' URL hex escapes for paths like '../'.

• Assigning to Element child slices with negative step could insert the slice at the wrong position, starting too far on the left.

• Assigning to Element child slices with overly large step size could take very long, regardless of the length of the actual slice.

• Assigning to Element child slices of the wrong size could sometimes fail to raise a ValueError (like a list assignment would) and instead assign outside of the original slice bounds or leave parts of it unreplaced.

• The comment and pi events in iterwalk() were never triggered, and instead, comments and processing instructions in the tree were reported as start elements. Also, when walking an ElementTree (as opposed to its root element), comments and PIs outside of the root element are now reported.

• LP1827833: The RelaxNG compact syntax support was broken with recent versions of rnc2rng.

• LP1758553: The HTML elements source and track were added to the list of empty tags in lxml.html.defs.

• Registering a prefix other than "xml" for the XML namespace is now rejected.

• Failing to write XSLT output to a file could raise a misleading exception. It now raises IOError.

Other changes

• Support for Python 3.4 was removed.

• When using Element.find*() with prefix-namespace mappings, the empty string is now accepted to define a default namespace, in addition to the previously supported None prefix. Empty strings are more convenient since they keep all prefix keys in a namespace dict strings, which simplifies sorting etc.

• The ElementTree.write_c14n() method has been deprecated in favour of the long preferred ElementTree.write(f, method="c14n"). It will be removed in a future release.

[Bruce Dubbs]

Fixed at revision 21881.