On 6 March 2018 at 14:06, Kevin Kofler <kevin.kof...@chello.at> wrote:

> Mitch Curtis wrote:
> > https://codereview.qt-project.org/#/c/221758/ makes
> > QObject::dumpObjectTree() and QObject::dumpObjectInfo() invokable so that
> > they can be used from QML.
>
> Would this have any security impact? I'm thinking of issues like ASLR
> bypass
> or other information leakage, if these end up being invokable from
> untrusted
> scripts. Or is all the information contained there already available to
> QML?
>
>
​QML is not safe to run untrusted scripts period.

Rich.
​
_______________________________________________
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Reply via email to