[3.14] gh-111264: Add a note about untrusted input to tomllib docs (GH-146209) (GH...

author Petr Viktorin <encukou@gmail.com>

Fri, 1 May 2026 12:42:33 +0000 (14:42 +0200)

committer GitHub <noreply@github.com>

Fri, 1 May 2026 12:42:33 +0000 (14:42 +0200)
author Petr Viktorin <encukou@gmail.com>
Fri, 1 May 2026 12:42:33 +0000 (14:42 +0200)
committer GitHub <noreply@github.com>
Fri, 1 May 2026 12:42:33 +0000 (14:42 +0200)
diff --git a/Doc/library/tomllib.rst b/Doc/library/tomllib.rst

index 30d7ff50a1acc114a6d7bc771685791eaab1e6fd..95b2c91314c4d65b23fc5b932738eaf1a77b98aa 100644 (file)
--- a/Doc/library/tomllib.rst
+++ b/Doc/library/tomllib.rst
@@ -17,6 +17,13 @@ This module provides an interface for parsing TOML 1.0.0 (Tom's Obvious Minimal
  Language, `https://toml.io <https://toml.io/en/>`_). This module does not
  support writing TOML.
  
+.. warning::
+
+   Be cautious when parsing data from untrusted sources.
+   A malicious TOML string may cause the decoder to consume considerable
+   CPU and memory resources.
+   Limiting the size of data to be parsed is recommended.
+
  .. seealso::
  
      The :pypi:`Tomli-W package <tomli-w>`
author	Petr Viktorin <encukou@gmail.com>
	Fri, 1 May 2026 12:42:33 +0000 (14:42 +0200)
committer	GitHub <noreply@github.com>
	Fri, 1 May 2026 12:42:33 +0000 (14:42 +0200)