[Qt-qml] Qml and security
Tim Beaulen
tbscope at gmail.com
Fri Apr 23 11:37:13 CEST 2010
Hello,
I would like to use QML in my program is such a way that users can
create costum "themes".
But because it's possible to use javascript in QML files, I think I
can not provide the users of my program with the necessary security.
My program makes a connection with a service provider and most of the
time it requires a password. Wouldn't it be easy to create a QML file
that sends the password and username to anywhere one wants?
In other words, is it possible now, or in the future, to disable
scripts in QML files? For example a
QDeclarativeEngine::disableScripts() function?
Otherwise I need to screen each and every QML file before posting it
to a central trusted repository. Of course, this would not be too much
work as I don't expect too many of them. But what worries me is that
these files can be downloaded everywhere, without my control.
Can anyone share some experience please?
More information about the Qt-qml
mailing list