Add a brief section about security of JavaScript with Qt

Emphasize that the model is the same as with C++ (or QML for that
matter), in the sense that only trusted code should be evaluated.

Change-Id: Idd377af76ac7ebeb9f92a9ccc359c612f73e8bef
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Reviewed-by: Mitch Curtis <mitch.curtis@qt.io>

1 files changed, 12 insertions, 0 deletions

diff --git a/src/qml/doc/src/javascript/qtjavascript.qdoc b/src/qml/doc/src/javascript/qtjavascript.qdoc
index d55e87a14d..ad93d9d9ac 100644
--- a/src/qml/doc/src/javascript/qtjavascript.qdoc
+++ b/src/qml/doc/src/javascript/qtjavascript.qdoc
@@ -90,4 +90,16 @@
   underlying C++ object. Note that the name of the script variable
   can be anything; i.e., it is not dependent upon QObject::objectName().
 
+  \section1 Implications for Application Security
+
+  The security model of application scripting with JavaScript follows
+  the same model as for C++ code: the user installs scripts to run
+  that they trust in the same way as they install Qt applications.
+
+  In order to preserve the trust of users, application developers should
+  not evaluate arbitrary JavaScript code. The JavaScript engine's sandbox is
+  only a semantic barrier. The script is evaluated in the same process and
+  with the same privileges as the rest of the application and shares the
+  same memory. As a consequence, C++ objects exposed to scripts are
+  accessible without additional security guards.
  */