| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recursively defined entities can easily exhaust all available
memory. Limit entity expansion to a default of 4096 characters to
avoid DoS attacks when a user loads untrusted content.
Added a setter and getter to allow modifying the expansion limit.
[ChangeLog][QtCore][QXmlStream] QXmlStreamReader does now by default
limit the expansion of entities to 4096 characters. Documents where
a single entity expands to more characters than the limit are not
considered well formed. The limit is there to avoid DoS attacks through
recursively expanding entities when loading untrusted content. The
limit can be changed through the QXmlStreamReader::setEntityExpansionLimit()
method.
Fixes: QTBUG-47417
Change-Id: I94387815d74fcf34783e136387ee57fac5ded0c9
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|\
| |
| |
| |
| |
| |
| | |
Conflicts:
src/gui/image/qpnghandler.cpp
Change-Id: I8630f363457bb613d8fb88470a71d95d97cdb301
|
| |
| |
| |
| |
| |
| |
| |
| | |
There's no point at keep raising errors after encountering the
first malformed attribute.
Change-Id: Idb37e577ea96c3bd850b3caf008fe3ecd57dd32e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deprecated the SAX classes and disabled or replaced their uses in
tests if applicable.
Removed the saxbookmarks example, no point in keeping examples for
the deprecated code.
[ChangeLog][QtXml] SAX classes are now deprecated. Use QXmlStreamReader,
QXmlStreamWriter in QtCore instead.
Task-number: QTBUG-76177
Change-Id: Ic171d62fa0527b0f36f94cf09a69586092269957
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
| |
Change-Id: I852f016fcb619a9e634deee6efb1fe7930d974c8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The first replacement had missed objective-C++ code some places ourside
the src dir.
In C-files Q_DECL_NOTHROW is replaced with Q_DECL_NOEXCEPT as we still
need to turn it off when compiled in C mode, but can get rid of the old
NOTHROW moniker.
Change-Id: I6370f57066679c5120d0265a69e7e378e09d4759
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
|
|
|
|
|
|
|
| |
Done-by: Eugenio Rustico
Change-Id: Ibd6aa6cc8be9090a4fad4f96628086d8a498b8e0
Fixes: QTBUG-63434
Reviewed-by: Andy Shaw <andy.shaw@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
This is in preparation to adding CBOR support. We don't need yet another
dir for CBOR and placing it in src/corelib/json is just wrong.
Change-Id: I9741f017961b410c910dfffd14ffb9d870340fa6
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|