https://github.com/python/cpython/commit/2f30fcf6748ae3baace466a1052787ba2e54fe65 commit: 2f30fcf6748ae3baace466a1052787ba2e54fe65 branch: 3.13 author: Miss Islington (bot) <[email protected]> committer: gpshead <[email protected]> date: 2026-04-11T17:10:53-07:00 summary:
[3.13] gh-148337: Document `importlib.resources` security model (GH-148340) (#148355) gh-148337: Document `importlib.resources` security model (GH-148340) (cherry picked from commit 70b86e7829c42d36c80853ba9bf1da0d8464065b) Co-authored-by: Stan Ulbrych <[email protected]> files: M Doc/library/importlib.resources.rst diff --git a/Doc/library/importlib.resources.rst b/Doc/library/importlib.resources.rst index 7a11f4fe069004..46eab78a22b66a 100644 --- a/Doc/library/importlib.resources.rst +++ b/Doc/library/importlib.resources.rst @@ -31,6 +31,12 @@ not** have to exist as physical files and directories on the file system: for example, a package and its resources can be imported from a zip file using :py:mod:`zipimport`. +.. warning:: + + :mod:`importlib.resources` follows the same security model as the built-in + :func:`open` function. Passing untrusted inputs to the functions + in this module is unsafe. + .. note:: This module provides functionality similar to `pkg_resources _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: [email protected]
