Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-134620

Review and tag src/gui/text/qcssparser.cpp src/gui/text/qtexthtmlparser.cpp src/gui/text/qtextmarkdownimporter.cpp

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • P2: Important
    • None
    • None
    • GUI: Text handling
    • None

    Description

      This task is about reviewing the different parsers our text handling code uses (HTML, markdown, css).

      The task is to review all code mentioned in the task title for the presence of code that is considered security-critical, according to https://contribute.qt-project.org/quips/23. In particular, we are looking for parsers that touch untrusted data directly. Such code should have the security header

      // Qt-Security score:critical reason:data-parser

      Definition of done:
      1. All code mentioned in the task header is reviewed
      2. If security critical code is found, the header is added.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            srutledg Shawn Rutledge
            smd Jan Arve
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes