Diffstat (limited to 'django/core/serializers/xml_serializer.py')
| -rw-r--r-- | django/core/serializers/xml_serializer.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/django/core/serializers/xml_serializer.py b/django/core/serializers/xml_serializer.py
index e159180e17..d8ffbdf00a 100644
--- a/django/core/serializers/xml_serializer.py
+++ b/django/core/serializers/xml_serializer.py
@@ -10,7 +10,7 @@ from xml.sax.expatreader import ExpatParser as _ExpatParser
 from django.apps import apps
 from django.conf import settings
-from django.core.exceptions import ObjectDoesNotExist
+from django.core.exceptions import ObjectDoesNotExist, SuspiciousOperation
 from django.core.serializers import base
 from django.db import DEFAULT_DB_ALIAS, models
 from django.utils.xmlutils import SimplerXMLGenerator, UnserializableContentError
@@ -411,6 +411,8 @@ class Deserializer(base.Deserializer):
 try:
 for c in node.getElementsByTagName("object"):
 values.append(m2m_convert(c))
+ except SuspiciousOperation:
+ raise
 except Exception as e:
 if isinstance(e, ObjectDoesNotExist) and self.handle_forward_references:
 return base.DEFER_FIELD
@@ -440,6 +442,8 @@ class Deserializer(base.Deserializer):
 def check_element_type(element):
+ if element.childNodes:
+ raise SuspiciousOperation(f"Unexpected element: {element.tagName!r}")
 return element.nodeType in (element.TEXT_NODE, element.CDATA_SECTION_NODE) |
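Review bot: The bare re-raise added ahead of `except Exception as e:` carries no comment saying why `SuspiciousOperation` has to bypass the generic handler, so a later cleanup could merge or reorder the two clauses without noticing; a line such as `# Security errors must propagate unwrapped, not be converted by the handler below.` would pin the intent. The generic handler's body continues past the end of this hunk, so what it would otherwise turn the exception into is not visible here. Only this many-to-many conversion loop is visibly exempted; if other deserialization paths reach `check_element_type` from inside a broad `except Exception`, they presumably need the same clause, which is worth checking against the rest of the file.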
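Review bot: The new guard in `check_element_type` keys on `element.childNodes` rather than on the node type, so an element with no children (a self-closing tag, for instance) still falls through and returns False while a non-empty one raises; if the intent is to reject every unexpected element, `if element.nodeType == element.ELEMENT_NODE:` states that directly. The function still reads as a boolean predicate but can now raise, which deserves a one-line docstring, e.g. `"""Return True for text/CDATA nodes; raise SuspiciousOperation for nodes that carry children."""`. The callers are outside this hunk, so whether silently skipping empty elements is intended cannot be confirmed from here.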
