Closes #19179: make table of XML vulnerabilities clearer by using "everyday" booleans...

diff --git a/Doc/library/xml.rst b/Doc/library/xml.rst
index d255f7fcc686e30f563d5858cf4fe318892b5d9d..d796d828ab8d920e8d24c83647f2b75f3c125725 100644 (file)
--- a/Doc/library/xml.rst
+++ b/Doc/library/xml.rst
@@ -53,15 +53,17 @@ access local files, to generate network connections to other machines, or
 to or circumvent firewalls. The attacks on XML abuse unfamiliar features
 like inline `DTD`_ (document type definition) with entities.
 
+The following table gives an overview of the known attacks and if the various
+modules are vulnerable to them.
 
 =========================  ========  =========  =========  ========  =========
 kind                       sax       etree      minidom    pulldom   xmlrpc
 =========================  ========  =========  =========  ========  =========
-billion laughs             **True**  **True**   **True**   **True**  **True**
-quadratic blowup           **True**  **True**   **True**   **True**  **True**
-external entity expansion  **True**  False (1)  False (2)  **True**  False (3)
-DTD retrieval              **True**  False      False      **True**  False
-decompression bomb         False     False      False      False     **True**
+billion laughs             **Yes**   **Yes**    **Yes**    **Yes**   **Yes**
+quadratic blowup           **Yes**   **Yes**    **Yes**    **Yes**   **Yes**
+external entity expansion  **Yes**   No    (1)  No    (2)  **Yes**   No    (3)
+DTD retrieval              **Yes**   No         No         **Yes**   No
+decompression bomb         No        No         No         No        **Yes**
 =========================  ========  =========  =========  ========  =========
 
 1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a