From 3f741278cb59cd1ed76515e2a57c24444a641cbe Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Sat, 17 May 2025 03:14:25 +0000
Subject: [PATCH] Use Safe Defaults for `lxml` Parsers

---
 pandas/io/formats/xml.py | 2 +-
 pandas/io/xml.py         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pandas/io/formats/xml.py b/pandas/io/formats/xml.py
index f56fca8d7ef44..a9859ba598ee6 100644
--- a/pandas/io/formats/xml.py
+++ b/pandas/io/formats/xml.py
@@ -545,7 +545,7 @@ def _transform_doc(self) -> bytes:
         )
 
         with preprocess_data(handle_data) as xml_data:
-            curr_parser = XMLParser(encoding=self.encoding)
+            curr_parser = XMLParser(encoding=self.encoding, resolve_entities=False)
 
             if isinstance(xml_data, io.StringIO):
                 xsl_doc = fromstring(
diff --git a/pandas/io/xml.py b/pandas/io/xml.py
index bd3b515dbca2f..ca8306aa24e5b 100644
--- a/pandas/io/xml.py
+++ b/pandas/io/xml.py
@@ -636,7 +636,7 @@ def _parse_doc(
         )
 
         with preprocess_data(handle_data) as xml_data:
-            curr_parser = XMLParser(encoding=self.encoding)
+            curr_parser = XMLParser(encoding=self.encoding, resolve_entities=False)
 
             if isinstance(xml_data, io.StringIO):
                 if self.encoding is None: