From: Petr Viktorin <encukou@gmail.com>
Date: Thu, 30 Apr 2026 14:33:13 +0000 (+0200)
Subject: gh-111264: Add a note about untrusted input to tomllib docs (GH-146209)
X-Git-Tag: v3.15.0b1~157
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9d41e2a534aab460dd656ef251adaed5d2d64b93;p=thirdparty%2FPython%2Fcpython.git

gh-111264: Add a note about untrusted input to tomllib docs (GH-146209)



Co-authored-by: Stan Ulbrych <stan@python.org>
---

diff --git a/Doc/library/tomllib.rst b/Doc/library/tomllib.rst
index 2bac968c2bea..55610784362e 100644
--- a/Doc/library/tomllib.rst
+++ b/Doc/library/tomllib.rst
@@ -19,6 +19,12 @@ support writing TOML.
    Added TOML 1.1.0 support.
    See the :ref:`What's New <whatsnew315-tomllib-1-1-0>` for details.
 
+.. warning::
+
+   Be cautious when parsing data from untrusted sources.
+   A malicious TOML string may cause the decoder to consume considerable
+   CPU and memory resources.
+   Limiting the size of data to be parsed is recommended.
 
 .. seealso::