gh-148337: Document `importlib.resources` security model (#148340)

author Stan Ulbrych <stan@python.org>

Fri, 10 Apr 2026 16:02:22 +0000 (17:02 +0100)

committer GitHub <noreply@github.com>

Fri, 10 Apr 2026 16:02:22 +0000 (17:02 +0100)
author Stan Ulbrych <stan@python.org>
Fri, 10 Apr 2026 16:02:22 +0000 (17:02 +0100)
committer GitHub <noreply@github.com>
Fri, 10 Apr 2026 16:02:22 +0000 (17:02 +0100)
diff --git a/Doc/library/importlib.resources.rst b/Doc/library/importlib.resources.rst

index 6bad0c4a9312d17dc1c12f53a08ca8dfd8768c90..653fa61420be869ae58b61bf1ba0a821a9ad7078 100644 (file)
--- a/Doc/library/importlib.resources.rst
+++ b/Doc/library/importlib.resources.rst
@@ -31,6 +31,12 @@ not** have to exist as physical files and directories on the file system:
  for example, a package and its resources can be imported from a zip file using
  :py:mod:`zipimport`.
  
+.. warning::
+
+   :mod:`importlib.resources` follows the same security model as the built-in
+   :func:`open` function. Passing untrusted inputs to the functions
+   in this module is unsafe.
+
  .. note::
  
     The standalone backport of this module provides more information
author	Stan Ulbrych <stan@python.org>
	Fri, 10 Apr 2026 16:02:22 +0000 (17:02 +0100)
committer	GitHub <noreply@github.com>
	Fri, 10 Apr 2026 16:02:22 +0000 (17:02 +0100)