diff options
| author | Matt Brictson <mattbrictson@users.noreply.github.com> | 2017-08-16 15:24:37 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-16 15:24:37 -0700 |
| commit | c9f04a3daf021443841dbb6ca3a782953f24e7b4 (patch) | |
| tree | e85a71a6a4bebe2bd5b8281ce2f0e881f928bc55 | |
| parent | d1593e66fa2650cb9bfb761d35468fbee673e348 (diff) | |
| parent | b2bb8be275dbb2cc9c5d476da2a8b19f4218670c (diff) | |
| download | plist-c9f04a3daf021443841dbb6ca3a782953f24e7b4.tar.gz | |
Merge pull request #45 from copacetic/master
Add security considerations section to README
| -rw-r--r-- | README.rdoc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/README.rdoc b/README.rdoc index 5803a39..648f02b 100644 --- a/README.rdoc +++ b/README.rdoc @@ -7,6 +7,11 @@ Plist is a library to manipulate Property List files, also known as plists. It == Usage +=== Security considerations + +Plist.parse_xml uses Marshal.load for <data/> attributes. If the <data/> attribute contains malicious data, an attacker can gain code execution. +You should never use Plist.parse_xml with untrusted plists! + === Parsing result = Plist.parse_xml('path/to/example.plist') |