Mark QXmlUtils as security-critical

QXmlUtils are used by QXmlStream and QDom, both of which are (or ought soon to be) marked as security-critical. The component is clearly a data-parser, too, with the same input as QXmlStream and QDom, so has to be security-critical, too. The header file contains only declarations, so it gets the default score:significant. Amends 8df072fc8006510c9b743e8ffedaaf51a876883a. QUIP: 23 Task-number: QTBUG-135194 Pick-to: 6.10 6.9 6.8 Change-Id: I415486dbba0c748e6af561ea4f098ea42c4b1830 Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
author: Marc Mutz <marc.mutz@qt.io> 2025-04-23 13:42:42 +0200
committer: Marc Mutz <marc.mutz@qt.io> 2025-06-26 15:32:01 +0000
commit: 046e6c5701da96dd64b613c2bc9cfd245c83b1a5 (patch)
tree: 4f7a9c13c000043da6806dce9f3fc100c86516ad /src/corelib/serialization/qxmlutils.cpp
parent: 2240e239327b9950283599caa447fc5506c252e1 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/serialization/qxmlutils.cpp b/src/corelib/serialization/qxmlutils.cpp
index e6fae7c173f..f84b27dc88d 100644
--- a/src/corelib/serialization/qxmlutils.cpp
+++ b/src/corelib/serialization/qxmlutils.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include <qstring.h>
author	Marc Mutz <marc.mutz@qt.io>	2025-04-23 13:42:42 +0200
committer	Marc Mutz <marc.mutz@qt.io>	2025-06-26 15:32:01 +0000
commit	046e6c5701da96dd64b613c2bc9cfd245c83b1a5 (patch)
tree	4f7a9c13c000043da6806dce9f3fc100c86516ad /src/corelib/serialization/qxmlutils.cpp
parent	2240e239327b9950283599caa447fc5506c252e1 (diff)