https://github.com/python/cpython/commit/b2742046576487ccf20be9496fb74a476a6c5312
commit: b2742046576487ccf20be9496fb74a476a6c5312
branch: 3.13
author: Miss Islington (bot) <[email protected]>
committer: StanFromIreland <[email protected]>
date: 2026-05-02T12:13:57+01:00
summary:

[3.13] gh-111264: Add a note about untrusted input to tomllib docs (#149226)

(cherry picked from commit 9d41e2a534aab460dd656ef251adaed5d2d64b93)

Co-authored-by: Petr Viktorin <[email protected]>
Co-authored-by: Stan Ulbrych <[email protected]>

files:
M Doc/library/tomllib.rst

diff --git a/Doc/library/tomllib.rst b/Doc/library/tomllib.rst
index 521a7a17fb3e8b..77555c0e484904 100644
--- a/Doc/library/tomllib.rst
+++ b/Doc/library/tomllib.rst
@@ -17,6 +17,13 @@ This module provides an interface for parsing TOML 1.0.0 
(Tom's Obvious Minimal
 Language, `https://toml.io <https://toml.io/en/>`_). This module does not
 support writing TOML.
 
+.. warning::
+
+   Be cautious when parsing data from untrusted sources.
+   A malicious TOML string may cause the decoder to consume considerable
+   CPU and memory resources.
+   Limiting the size of data to be parsed is recommended.
+
 .. seealso::
 
     The :pypi:`Tomli-W package <tomli-w>`
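Review bot: The last line of the added warning, "Limiting the size of data to be parsed is recommended.", gives the reader no actionable step. It does not say where the limit should be applied or whether the decoder enforces any bound of its own. Consider stating that the caller has to check the input length before handing the data to the parser, and, if it is the case, that the module applies no limit itself. The phrase "considerable CPU and memory resources" also does not indicate whether the cost grows with input size alone or with structure, which matters because a size cap only addresses the former. Minor: the warning body is indented three spaces while the neighbouring seealso body uses four.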

_______________________________________________
Python-checkins mailing list -- [email protected]