Code Room
Code review | Medium
Question
Review this Python endpoint that parses a user-uploaded XML config, with external entities already disabled.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
```python
from lxml import etree

@app.route('/import', methods=['POST'])
def import_config():
    xml_bytes = request.get_data()
    parser = etree.XMLParser(resolve_entities=False, no_network=True)
    try:
        root = etree.fromstring(xml_bytes, parser=parser)
    except etree.XMLSyntaxError:
        return {'error': 'invalid xml'}, 400
    config = {el.tag: el.text for el in root}
    save_config(config)
    return {'imported': len(config)}
```
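One possible hardened form of the parsing step in the endpoint above, as an added example rather than the page's own answer: it bounds the upload size, refuses any DTD, and accepts only known, non-duplicated, flat keys before anything would reach `save_config`. The names `parse_config`, `ConfigError`, `MAX_BYTES` and `ALLOWED_KEYS`, the size limit and the key set are assumptions made for illustration.

```python
from lxml import etree

MAX_BYTES = 64 * 1024                         # assumed upload limit
ALLOWED_KEYS = {"hostname", "port", "mode"}   # hypothetical config schema


class ConfigError(ValueError):
    """Any upload the endpoint should answer with HTTP 400."""


def parse_config(xml_bytes: bytes) -> dict:
    # Bound the work before the parser sees the input.
    if len(xml_bytes) > MAX_BYTES:
        raise ConfigError("upload too large")
    parser = etree.XMLParser(resolve_entities=False, no_network=True,
                             load_dtd=False, huge_tree=False,
                             remove_comments=True, remove_pis=True)
    try:
        root = etree.fromstring(xml_bytes, parser=parser)
    except etree.XMLSyntaxError as exc:
        raise ConfigError("invalid xml") from exc
    # A flat config needs no DTD; refuse one rather than rely on flags alone.
    if root.getroottree().docinfo.doctype:
        raise ConfigError("DTD not allowed")
    config = {}
    for el in root:
        # Comments, PIs and entity nodes carry a non-string tag in lxml.
        if not isinstance(el.tag, str):
            raise ConfigError("unexpected node")
        if el.tag not in ALLOWED_KEYS:
            raise ConfigError(f"unknown key: {el.tag!r}")
        if el.tag in config:
            raise ConfigError(f"duplicate key: {el.tag!r}")
        if len(el):
            raise ConfigError(f"nested content under {el.tag!r}")
        config[el.tag] = (el.text or "").strip()
    return config


if __name__ == "__main__":
    # Constructed sample upload.
    print(parse_config(b"<config><hostname>db1</hostname><port>5432</port></config>"))
```

In the route, a `ConfigError` would map to the existing 400 response, and only the returned dict would be passed to `save_config`.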