Address xml vulnerability in xml

Switch from xml.minidom to defusexml.minidom

README.md

@@ -3,6 +3,7 @@
 ![PyPI](https://img.shields.io/pypi/v/django-bootstrap-icons)
 ![PyPI - Downloads](https://img.shields.io/pypi/dm/django-bootstrap-icons)
 [![Django CI run test](https://github.com/christianwgd/django-bootstrap-icons/actions/workflows/django-test.yml/badge.svg)](https://github.com/christianwgd/django-bootstrap-icons/actions/workflows/django-test.yml)
+[![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)
 
 A quick way to add [Bootstrap Icons](https://icons.getbootstrap.com) with Django 
 template tags.

django_bootstrap_icons/templatetags/bootstrap_icons.py

@@ -1,7 +1,7 @@
 """ django bootstrap icons templatetags """
 import os
-import xml.dom.minidom
 import requests
+from defusedxml.minidom import parse, parseString
 
 from django.conf import settings
 from django.contrib.staticfiles.finders import find
@@ -85,7 +85,7 @@ def custom_icon(icon_name, size=None, color=None, extra_classes=None):
 
     icon_path = get_static(icon_name)
     try:
-        content = xml.dom.minidom.parse(icon_path)
+        content = parse(icon_path)
     except FileNotFoundError:
         return f"Icon <{icon_path}> does not exist"
     return format_html(render_svg(content, size, color, extra_classes))
@@ -127,7 +127,7 @@ def get_icon(icon_path, icon_name, size=None, color=None, extra_classes=None):
                 'BS_ICONS_NOT_FOUND',
                 f"Icon <{icon_path}> does not exist"
             )
-        content = xml.dom.minidom.parseString(resp.text)
+        content = parseString(resp.text)
         svg = render_svg(content, size, color, extra_classes)
         # if cache configured write icon to cache
         if cache_path and cache_file:

django_bootstrap_icons_sample/tests.py

@@ -1,6 +1,6 @@
-import xml
 import os
 
+from defusedxml.minidom import parse
 from django.conf import settings
 from django.test import TestCase, override_settings
 
@@ -19,30 +19,30 @@ def test_get_static(self):
 
     def test_render_svg(self):
         icon_path = get_static('apps')
-        content = xml.dom.minidom.parse(icon_path)
+        content = parse(icon_path)
         rendered = render_svg(content, size=None, color=None, extra_classes=None)
         self.assertIn('id="test-icon"', rendered)
         self.assertIn('viewBox="0 0 24 24"', rendered)
         self.assertIn('width="24"', rendered)
 
     def test_render_svg_size(self):
         icon_path = get_static('apps')
-        content = xml.dom.minidom.parse(icon_path)
+        content = parse(icon_path)
         rendered = render_svg(content, size='20px', color=None, extra_classes=None)
         self.assertIn('width="20px"', rendered)
         self.assertIn('height="20px"', rendered)
 
     def test_render_svg_color(self):
         icon_path = get_static('apps')
-        content = xml.dom.minidom.parse(icon_path)
+        content = parse(icon_path)
         self.assertIn(
             'fill="red"',
             render_svg(content, size=None, color='red', extra_classes=None)
         )
 
     def test_render_svg_extra_classes(self):
         icon_path = get_static('apps')
-        content = xml.dom.minidom.parse(icon_path)
+        content = parse(icon_path)
         self.assertIn(
             'class="class_a, class_b"',
             render_svg(content, size=None, color=None, extra_classes='class_a, class_b')