luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2024-11-13 21:06:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

gmarkup: Make the documentation even more explicit about untrusted input

Browse Source 
GMarkup is not to be used for untrusted input. It’s always been designed
for parsing application-provided data files, not random stuff sent to
you by an attacker.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
This commit is contained in:
Philip Withnall 2018-09-18 12:02:06 +01:00
parent f928dfdf57
commit c2a90761a7
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
glib/gmarkup.c
View File

@ -45,7 +45,8 @@
* The "GMarkup" parser is intended to parse a simple markup format * The "GMarkup" parser is intended to parse a simple markup format
* that's a subset of XML. This is a small, efficient, easy-to-use * that's a subset of XML. This is a small, efficient, easy-to-use
* parser. It should not be used if you expect to interoperate with * parser. It should not be used if you expect to interoperate with
* other applications generating full-scale XML. However, it's very * other applications generating full-scale XML, and must not be used if you
* expect to parse untrusted input. However, it's very
* useful for application data files, config files, etc. where you * useful for application data files, config files, etc. where you
* know your application will be the only one writing the file. * know your application will be the only one writing the file.
* Full-scale XML parsers should be able to parse the subset used by * Full-scale XML parsers should be able to parse the subset used by