gh-111264: Add a note about untrusted input to tomllib docs (GH-146209)

author Petr Viktorin <encukou@gmail.com>

Thu, 30 Apr 2026 14:33:13 +0000 (16:33 +0200)

committer GitHub <noreply@github.com>

Thu, 30 Apr 2026 14:33:13 +0000 (16:33 +0200)
author Petr Viktorin <encukou@gmail.com>
Thu, 30 Apr 2026 14:33:13 +0000 (16:33 +0200)
committer GitHub <noreply@github.com>
Thu, 30 Apr 2026 14:33:13 +0000 (16:33 +0200)
diff --git a/Doc/library/tomllib.rst b/Doc/library/tomllib.rst

index 2bac968c2bea68193fe7aa57d45537c2bd2e1a5d..55610784362eb84525f03f4626afb2ca2f7c6624 100644 (file)
--- a/Doc/library/tomllib.rst
+++ b/Doc/library/tomllib.rst
@@ -19,6 +19,12 @@ support writing TOML.
     Added TOML 1.1.0 support.
     See the :ref:`What's New <whatsnew315-tomllib-1-1-0>` for details.
  
+.. warning::
+
+   Be cautious when parsing data from untrusted sources.
+   A malicious TOML string may cause the decoder to consume considerable
+   CPU and memory resources.
+   Limiting the size of data to be parsed is recommended.
  
  .. seealso::
author	Petr Viktorin <encukou@gmail.com>
	Thu, 30 Apr 2026 14:33:13 +0000 (16:33 +0200)
committer	GitHub <noreply@github.com>
	Thu, 30 Apr 2026 14:33:13 +0000 (16:33 +0200)