| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recursively defined entities can easily exhaust all available
memory. Limit entity expansion to a default of 4096 characters to
avoid DoS attacks when a user loads untrusted content.
Added a setter and getter to allow modifying the expansion limit.
[ChangeLog][QtCore][QXmlStream] QXmlStreamReader does now by default
limit the expansion of entities to 4096 characters. Documents where
a single entity expands to more characters than the limit are not
considered well formed. The limit is there to avoid DoS attacks through
recursively expanding entities when loading untrusted content. The
limit can be changed through the QXmlStreamReader::setEntityExpansionLimit()
method.
Fixes: QTBUG-47417
Change-Id: I94387815d74fcf34783e136387ee57fac5ded0c9
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|
|
|
|
|
|
|
|
| |
Cleans up most of corelib to use nullptr or default enums
where appropriate.
Change-Id: Ifcaac14ecdaaee730f87f10941db3ce407d71ef9
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Some updates that made it into qxmlstream_p.h have not been reflected
in qxmlstream.g. Also fix the expected amount of shift/reduce
conflicts.
Fixes: QTBUG-60186
Change-Id: I2a5e1c579dbbe8812a75ca6bb1e3a6a0ba909cdf
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
| |
Also clean up QTextCodec usage in qmake build and some includes
of qtextcodec.h.
Change-Id: I0475b82690024054add4e85a8724c8ea3adcf62a
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
|
|
This is in preparation to adding CBOR support. We don't need yet another
dir for CBOR and placing it in src/corelib/json is just wrong.
Change-Id: I9741f017961b410c910dfffd14ffb9d870340fa6
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|