From 2a85bdc77a5822dc228374a5d18bc416b7b1820c Mon Sep 17 00:00:00 2001
From: Shawn Rutledge <shawn.rutledge@qt.io>
Date: Mon, 10 Mar 2025 16:52:47 +0100
Subject: [PATCH] Mark HTML, CSS and Markdown parsers as security-critical

Pick-to: 6.8 6.9
Task-number: QTBUG-134508
Change-Id: Ib973b9344a19fa2f8c79e2a2ceddf530d9ab62cd
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
---
 src/gui/text/qcssparser.cpp            | 1 +
 src/gui/text/qtexthtmlparser.cpp       | 1 +
 src/gui/text/qtextmarkdownimporter.cpp | 1 +
 3 files changed, 3 insertions(+)

diff --git a/src/gui/text/qcssparser.cpp b/src/gui/text/qcssparser.cpp
index e2792976e7c..c7ccf5c0dcb 100644
--- a/src/gui/text/qcssparser.cpp
+++ b/src/gui/text/qcssparser.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qcssparser_p.h"
 
diff --git a/src/gui/text/qtexthtmlparser.cpp b/src/gui/text/qtexthtmlparser.cpp
index 95f882be22b..383a3129d56 100644
--- a/src/gui/text/qtexthtmlparser.cpp
+++ b/src/gui/text/qtexthtmlparser.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qtexthtmlparser_p.h"
 
diff --git a/src/gui/text/qtextmarkdownimporter.cpp b/src/gui/text/qtextmarkdownimporter.cpp
index add88da1804..c5eaa29f0ed 100644
--- a/src/gui/text/qtextmarkdownimporter.cpp
+++ b/src/gui/text/qtextmarkdownimporter.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2019 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qtextmarkdownimporter_p.h"
 #include "qtextdocumentfragment_p.h"