[Interest] Role of `qmlscene` and `qml` command line tools
Thiago Macieira
thiago.macieira at intel.com
Fri May 6 23:47:06 CEST 2016
On sexta-feira, 6 de maio de 2016 10:50:45 PDT Shawn Rutledge wrote:
> > The reason I'm asking is I'm building a QML application for embedded
> > use. The app is QML only, apart from some calls from QML into Python
> > using pyotherside [2] when interfacing with the hardware. So in theory
> > I could launch my app using `qmlscene` or `qml`, which would free me
> > from having to build and distribute a little C++ launcher application
> > to launch the app.
>
> That’s what the qml tool is intended for.
Except we disclaim any issues with security. The qml tool will load any file or
URL passed to it, whether it's from a trusted source or not. It may also find
qmldir files in random places depending on how the tool was launched and where
from.
You should at least write a shell script that wraps the launching of the tool
to sanitise arguments and the environment.
But if you're going to do that, you may as well just distribute your own .exe.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Interest
mailing list