diff options
| author | Fabian Kosmale <fabian.kosmale@qt.io> | 2025-08-26 11:16:04 +0200 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2025-09-18 21:28:12 +0000 |
| commit | bc6c29d509649d99d882f3ecdf450dab33613c62 (patch) | |
| tree | 7ebdeb9de8fa45983598b9e0cbdfd7448715080d /src/qmlworkerscript/qquickworkerscript.cpp | |
| parent | f124a3bef4dba872358febfd7c165037a8c99049 (diff) | |
CRA review: mark workerscript subfolder
- Mark the global heades as insignificant, they don't contain any logic.
- Mark qv4serialize as critical: String data that might get passed to a
worker script might come from an untrusted context, and thus the
serialization process needs some basic care.
- Evertything else gets the default significant marker to indicate that
it has been reviewed.
Pick-to: 6.9 6.8
Fixes: QTBUG-136209
Change-Id: Ib820d551f687cbd41f0306d39552e55e8642a2b3
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
(cherry picked from commit cf798310238765612891696077f7d70570ad2e3a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/qmlworkerscript/qquickworkerscript.cpp')
| -rw-r--r-- | src/qmlworkerscript/qquickworkerscript.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/qmlworkerscript/qquickworkerscript.cpp b/src/qmlworkerscript/qquickworkerscript.cpp index 3235fd410d..0b75ff7e22 100644 --- a/src/qmlworkerscript/qquickworkerscript.cpp +++ b/src/qmlworkerscript/qquickworkerscript.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:significant #include "qtqmlworkerscriptglobal_p.h" #include "qquickworkerscript_p.h" |