Update vs.py

The original code may have had an XXE vulnerability, which is now fixed

Author: wwwww127

tools/vs.py

@@ -30,6 +30,7 @@
 
 import xml.etree.ElementTree as etree
 from xml.etree.ElementTree import SubElement
+from defusedxml.ElementTree import parse
 from utils import _make_path_relative
 from utils import xml_indent
 fs_encoding = sys.getfilesystemencoding()
@@ -86,7 +87,8 @@ def VS_AddHeadFilesGroup(program, elem, project_path):
 def VSProject(target, script, program):
     project_path = os.path.dirname(os.path.abspath(target))
 
-    tree = etree.parse('template_vs2005.vcproj')
+    # tree = etree.parse('template_vs2005.vcproj') 
+    tree = parse('template_vs2005.vcproj', forbid_dtd=True)
     root = tree.getroot()
 
     out = open(target, 'w')