qiurui
/
qtdeclarative
mirror of https://github.com/qt/qtdeclarative.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Mark QML's JSON parser as critical 

We're doing fully custom parsing here, and external JSON must not cause
security issues.

Pick-to: 6.10 6.9 6.8
QUIP: 23
Task-number: QTBUG-136970
Change-Id: I43f8280a31ebc170382485e6f5f3e7c06aa7db1a
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
This commit is contained in:
Fabian Kosmale 2025-05-19 10:36:38 +02:00 committed by Ulf Hermann
parent a2f3dc0d76
commit c9f9e70da7
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/qml/jsruntime/qv4jsonobject.cpp
View File

@ -1,5 +1,6 @@
// Copyright (C) 2016 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
// Qt-Security score:critical reason:dataparser
#include <qv4jsonobject_p.h>
#include <qv4objectproto_p.h>
#include <qv4numberobject_p.h>