From 046e6c5701da96dd64b613c2bc9cfd245c83b1a5 Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Wed, 23 Apr 2025 13:42:42 +0200
Subject: Mark QXmlUtils as security-critical

QXmlUtils are used by QXmlStream and QDom, both of which are (or ought
soon to be) marked as security-critical. The component is clearly a
data-parser, too, with the same input as QXmlStream and QDom, so has to
be security-critical, too.

The header file contains only declarations, so it gets the default
score:significant.

Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.

QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.10 6.9 6.8
Change-Id: I415486dbba0c748e6af561ea4f098ea42c4b1830
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
---
 src/corelib/serialization/qxmlutils.cpp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/corelib/serialization/qxmlutils.cpp')

diff --git a/src/corelib/serialization/qxmlutils.cpp b/src/corelib/serialization/qxmlutils.cpp
index e6fae7c173f..f84b27dc88d 100644
--- a/src/corelib/serialization/qxmlutils.cpp
+++ b/src/corelib/serialization/qxmlutils.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include <qstring.h>
 
-- 
cgit v1.2.3