From: Petr Viktorin <encukou@gmail.com>
Date: Fri, 1 May 2026 12:42:33 +0000 (+0200)
Subject: [3.14] gh-111264: Add a note about untrusted input to tomllib docs (GH-146209) (GH... 
X-Git-Tag: v3.14.5rc1~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6eac2b3aaa1dcc43c88428b6e39addb2b0543f2;p=thirdparty%2FPython%2Fcpython.git

[3.14] gh-111264: Add a note about untrusted input to tomllib docs (GH-146209) (GH-149223)

(cherry picked from commit 9d41e2a534aab460dd656ef251adaed5d2d64b93)

Co-authored-by: Stan Ulbrych <stan@python.org>
---

diff --git a/Doc/library/tomllib.rst b/Doc/library/tomllib.rst
index 30d7ff50a1ac..95b2c91314c4 100644
--- a/Doc/library/tomllib.rst
+++ b/Doc/library/tomllib.rst
@@ -17,6 +17,13 @@ This module provides an interface for parsing TOML 1.0.0 (Tom's Obvious Minimal
 Language, `https://toml.io <https://toml.io/en/>`_). This module does not
 support writing TOML.
 
+.. warning::
+
+   Be cautious when parsing data from untrusted sources.
+   A malicious TOML string may cause the decoder to consume considerable
+   CPU and memory resources.
+   Limiting the size of data to be parsed is recommended.
+
 .. seealso::
 
     The :pypi:`Tomli-W package <tomli-w>`