Mark the lexing / parsing code as security critical, because they are data parsers. While _running_ QML code needs to assume trusted input, we probably should not have this restriction on the parser, so that tools like qmllint, qmlls and qdoc can safely pass any file to the parser, without having to worry about security implications. The criticality extends to qqmljskeywords_p.h, as we do custom bounds checking in the functions defined there. qqmljsastfwd_p is marked as insignificant, as it only contains fowrard declarations and no logic at all. The other marked files have the default level (significant). QUIP: 23 Task-number: QTBUG-136966 Pick-to: 6.10 6.9 6.8 Change-Id: I1e44f346d91d6d66c8e9632f0dec4a11fffc935a Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>