gmarkup: Make the documentation even more explicit about untrusted input

GMarkup is not to be used for untrusted input. It’s always been designed for parsing application-provided data files, not random stuff sent to you by an attacker. Signed-off-by: Philip Withnall <withnall@endlessm.com>
2024-11-11 20:06:18 +01:00 · 2018-09-18 12:02:06 +01:00 · 2018-09-18 12:02:06 +01:00 · c2a90761a7
commit c2a90761a7
parent f928dfdf57
1 changed files with 2 additions and 1 deletions
--- a/glib/gmarkup.c
+++ b/glib/gmarkup.c
@ -45,7 +45,8 @@
 * The "GMarkup" parser is intended to parse a simple markup format
 * that's a subset of XML. This is a small, efficient, easy-to-use
 * parser. It should not be used if you expect to interoperate with
- * other applications generating full-scale XML. However, it's very
+ * other applications generating full-scale XML, and must not be used if you
+ * expect to parse untrusted input. However, it's very
 * useful for application data files, config files, etc. where you
 * know your application will be the only one writing the file.
 * Full-scale XML parsers should be able to parse the subset used by