diff --git a/openedx/core/lib/safe_lxml/__init__.py b/openedx/core/lib/safe_lxml/__init__.py
index b17efb15cc15..d7d5239c5102 100644
--- a/openedx/core/lib/safe_lxml/__init__.py
+++ b/openedx/core/lib/safe_lxml/__init__.py
@@ -7,8 +7,6 @@ def defuse_xml_libs():
"""
Monkey patch and defuse all stdlib xml packages and lxml.
"""
- from defusedxml import defuse_stdlib
- defuse_stdlib()
import lxml
import lxml.etree
diff --git a/openedx/core/lib/safe_lxml/etree.py b/openedx/core/lib/safe_lxml/etree.py
index 21593f06ef4c..c5a684528dc6 100644
--- a/openedx/core/lib/safe_lxml/etree.py
+++ b/openedx/core/lib/safe_lxml/etree.py
@@ -16,10 +16,9 @@
from lxml.etree import XMLParser as _XMLParser
from lxml.etree import * # lint-amnesty, pylint: disable=redefined-builtin
-from lxml.etree import _Element, _ElementTree
-
-# This should be imported after lxml.etree so that it overrides the following attributes.
-from defusedxml.lxml import XML, fromstring, parse
+# These private elements are used in some libraries to also defuse xml exploits for their own purposes.
+# We need to re-expose them so that the libraries still work.
+from lxml.etree import _Comment, _Element, _ElementTree, _Entity, _ProcessingInstruction
class XMLParser(_XMLParser): # pylint: disable=function-redefined
diff --git a/openedx/core/lib/safe_lxml/tests.py b/openedx/core/lib/safe_lxml/tests.py
index 3608d43bfa93..7d7c1fbbf05e 100644
--- a/openedx/core/lib/safe_lxml/tests.py
+++ b/openedx/core/lib/safe_lxml/tests.py
@@ -1,29 +1,24 @@
"""
Test that we have defused XML.
-
-For these tests, the defusing will happen in one or more of the `conftest.py`
-files that runs at pytest startup calls `defuse_xml_libs()`.
-
-In production, the defusing happens when the LMS or Studio `wsgi.py` files
-call `defuse_xml_libs()`.
"""
-import defusedxml
from lxml import etree
import pytest
-@pytest.mark.parametrize("attr", ["XML", "fromstring", "parse"])
-def test_etree_is_defused(attr):
- func = getattr(etree, attr)
- assert "defused" in func.__code__.co_filename
+def test_entities_resolved():
+ xml = ']> &hi;'
+ parser = etree.XMLParser(resolve_entities=True)
+ tree = etree.fromstring(xml, parser=parser)
+ pr = etree.tostring(tree)
+ assert pr == b'Hello'
def test_entities_arent_resolved():
- # Make sure we have disabled entity resolution.
xml = ']> &hi;'
- parser = etree.XMLParser()
- with pytest.raises(defusedxml.EntitiesForbidden):
- _ = etree.XML(xml, parser=parser)
+ parser = etree.XMLParser(resolve_entities=False)
+ tree = etree.fromstring(xml, parser=parser)
+ pr = etree.tostring(tree)
+ assert pr == b'&hi;'