[3.14] gh-148337: Document `importlib.resources` security model (GH-148340) (#148356)

author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>

Sun, 12 Apr 2026 00:10:41 +0000 (02:10 +0200)

committer GitHub <noreply@github.com>

Sun, 12 Apr 2026 00:10:41 +0000 (17:10 -0700)
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Sun, 12 Apr 2026 00:10:41 +0000 (02:10 +0200)
committer GitHub <noreply@github.com>
Sun, 12 Apr 2026 00:10:41 +0000 (17:10 -0700)
diff --git a/Doc/library/importlib.resources.rst b/Doc/library/importlib.resources.rst

index 7a11f4fe0690048aed61cb81f1296506ca50032b..46eab78a22b66a999c4934b64c730df3be45ba2b 100644 (file)
--- a/Doc/library/importlib.resources.rst
+++ b/Doc/library/importlib.resources.rst
@@ -31,6 +31,12 @@ not** have to exist as physical files and directories on the file system:
  for example, a package and its resources can be imported from a zip file using
  :py:mod:`zipimport`.
  
+.. warning::
+
+   :mod:`importlib.resources` follows the same security model as the built-in
+   :func:`open` function. Passing untrusted inputs to the functions
+   in this module is unsafe.
+
  .. note::
  
     This module provides functionality similar to `pkg_resources
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Sun, 12 Apr 2026 00:10:41 +0000 (02:10 +0200)
committer	GitHub <noreply@github.com>
	Sun, 12 Apr 2026 00:10:41 +0000 (17:10 -0700)