https://github.com/python/cpython/commit/e6eac2b3aaa1dcc43c88428b6e39addb2b0543f2 commit: e6eac2b3aaa1dcc43c88428b6e39addb2b0543f2 branch: 3.14 author: Petr Viktorin <[email protected]> committer: encukou <[email protected]> date: 2026-05-01T14:42:33+02:00 summary:
[3.14] gh-111264: Add a note about untrusted input to tomllib docs (GH-146209) (GH-149223) (cherry picked from commit 9d41e2a534aab460dd656ef251adaed5d2d64b93) Co-authored-by: Stan Ulbrych <[email protected]> files: M Doc/library/tomllib.rst diff --git a/Doc/library/tomllib.rst b/Doc/library/tomllib.rst index 30d7ff50a1acc1..95b2c91314c4d6 100644 --- a/Doc/library/tomllib.rst +++ b/Doc/library/tomllib.rst @@ -17,6 +17,13 @@ This module provides an interface for parsing TOML 1.0.0 (Tom's Obvious Minimal Language, `https://toml.io <https://toml.io/en/>`_). This module does not support writing TOML. +.. warning:: + + Be cautious when parsing data from untrusted sources. + A malicious TOML string may cause the decoder to consume considerable + CPU and memory resources. + Limiting the size of data to be parsed is recommended. + .. seealso:: The :pypi:`Tomli-W package <tomli-w>`
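Review bot: the last sentence of the added warning, "Limiting the size of data to be parsed is recommended.", leaves the reader without anything concrete to act on. It does not say where the limit should be applied (on the string or bytes before they reach the decoder, or on the file before it is opened), and "considerable CPU and memory resources" does not say whether the cost grows faster than the input size, which is what determines whether a size cap alone is a sufficient mitigation. Consider adding one sentence that tells callers to check the length of the input before parsing and, if the cost is not linear in input size, saying so explicitly so that callers know to pick a conservative bound. The placement between the module description and the ``seealso`` block is fine.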
