[3.13] gh-111264: Add a note about untrusted input to tomllib docs (#149226)

author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>

Sat, 2 May 2026 11:13:57 +0000 (13:13 +0200)

committer GitHub <noreply@github.com>

Sat, 2 May 2026 11:13:57 +0000 (12:13 +0100)
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Sat, 2 May 2026 11:13:57 +0000 (13:13 +0200)
committer GitHub <noreply@github.com>
Sat, 2 May 2026 11:13:57 +0000 (12:13 +0100)
diff --git a/Doc/library/tomllib.rst b/Doc/library/tomllib.rst

index 521a7a17fb3e8bc9984e0d875ba7a3c89de231d8..77555c0e48490456bb7fd1c3ff805aa7503ff2b4 100644 (file)
--- a/Doc/library/tomllib.rst
+++ b/Doc/library/tomllib.rst
@@ -17,6 +17,13 @@ This module provides an interface for parsing TOML 1.0.0 (Tom's Obvious Minimal
  Language, `https://toml.io <https://toml.io/en/>`_). This module does not
  support writing TOML.
  
+.. warning::
+
+   Be cautious when parsing data from untrusted sources.
+   A malicious TOML string may cause the decoder to consume considerable
+   CPU and memory resources.
+   Limiting the size of data to be parsed is recommended.
+
  .. seealso::
  
      The :pypi:`Tomli-W package <tomli-w>`
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Sat, 2 May 2026 11:13:57 +0000 (13:13 +0200)
committer	GitHub <noreply@github.com>
	Sat, 2 May 2026 11:13:57 +0000 (12:13 +0100)