What should we do with XML attacks?
Because Python is a lot of fun, all of its native xml parsers are vulnerable to various attacks. We're trying to write a decent software, so this is not acceptable.
An other way to go would be to monkey-patch ourselves the
etree code, since it's only vulnerable to two attacks, we'll only have to disable entity expansion support.