1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Doc: Warn about loading of untrusted .qm files

Browse Source 
Pick-to: 6.9 6.8
Change-Id: I0cc99ef285335fc244ba33f08bf0e322c7597a75
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
This commit is contained in:
Kai Köhne 2025-04-09 12:44:15 +02:00 committed by Volker Hilsheimer
parent 095cacd668
commit 3ab63875e5
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/corelib/kernel/qtranslator.cpp
View File

@ -376,6 +376,16 @@ public:
QCoreApplication::installTranslator(). It will then be the first
translation to be searched for matching strings.
\section1 Security Considerations
Only install translation files from trusted sources.
Translation files are binary files that are generated from text-based
translation source files. The format of these binary files is strictly
defined by Qt and any manipulation of the data in the binary file may
crash the application when the file is loaded. Furthermore, even well-formed
translation files may contain misleading or malicious translations.
\sa QCoreApplication::installTranslator(), QCoreApplication::removeTranslator(),
QObject::tr(), QCoreApplication::translate(), {I18N Example},
{Hello tr() Example}, {Arrow Pad Example}, {Troll Print Example}