https://github.com/python/cpython/commit/70b86e7829c42d36c80853ba9bf1da0d8464065b
commit: 70b86e7829c42d36c80853ba9bf1da0d8464065b
branch: main
author: Stan Ulbrych <[email protected]>
committer: FFY00 <[email protected]>
date: 2026-04-10T17:02:22+01:00
summary:
gh-148337: Document `importlib.resources` security model (#148340)
files:
M Doc/library/importlib.resources.rst
diff --git a/Doc/library/importlib.resources.rst
b/Doc/library/importlib.resources.rst
index 6bad0c4a9312d1..653fa61420be86 100644
--- a/Doc/library/importlib.resources.rst
+++ b/Doc/library/importlib.resources.rst
@@ -31,6 +31,12 @@ not** have to exist as physical files and directories on the
file system:
for example, a package and its resources can be imported from a zip file using
:py:mod:`zipimport`.
+.. warning::
+
+ :mod:`importlib.resources` follows the same security model as the built-in
+ :func:`open` function. Passing untrusted inputs to the functions
+ in this module is unsafe.
+
.. note::
The standalone backport of this module provides more information
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
