https://github.com/python/cpython/commit/9d41e2a534aab460dd656ef251adaed5d2d64b93
commit: 9d41e2a534aab460dd656ef251adaed5d2d64b93
branch: main
author: Petr Viktorin <[email protected]>
committer: encukou <[email protected]>
date: 2026-04-30T16:33:13+02:00
summary:
gh-111264: Add a note about untrusted input to tomllib docs (GH-146209) Co-authored-by: Stan Ulbrych <[email protected]> files: M Doc/library/tomllib.rst diff --git a/Doc/library/tomllib.rst b/Doc/library/tomllib.rst index 2bac968c2bea68..55610784362eb8 100644 --- a/Doc/library/tomllib.rst +++ b/Doc/library/tomllib.rst @@ -19,6 +19,12 @@ support writing TOML. Added TOML 1.1.0 support. See the :ref:`What's New <whatsnew315-tomllib-1-1-0>` for details. +.. warning:: + + Be cautious when parsing data from untrusted sources. + A malicious TOML string may cause the decoder to consume considerable + CPU and memory resources. + Limiting the size of data to be parsed is recommended. .. seealso::
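Review bot: The last sentence of the new warning, "Limiting the size of data to be parsed is recommended", says what to do but not where the limit has to be applied. Nothing in the added text tells the reader that the module itself imposes no bound, so the check falls to the caller before the data reaches the parser. Suggest making that explicit and naming the entry points, for example "Check the size of the input before passing it to :func:`load` or :func:`loads`". The warning also speaks of "a malicious TOML string" only; since the advice presumably covers file input as well, "malicious TOML data" would match the "data to be parsed" wording used in the following sentence.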
