On 6 March 2018 at 14:06, Kevin Kofler <[email protected]> wrote:
> Mitch Curtis wrote: > > https://codereview.qt-project.org/#/c/221758/ makes > > QObject::dumpObjectTree() and QObject::dumpObjectInfo() invokable so that > > they can be used from QML. > > Would this have any security impact? I'm thinking of issues like ASLR > bypass > or other information leakage, if these end up being invokable from > untrusted > scripts. Or is all the information contained there already available to > QML? > > QML is not safe to run untrusted scripts period. Rich.
_______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
