# HG changeset patch
# User Gregory Szorc
# Date 1471318773 25200
# Node ID b1809f5d7630a3fff0fa715bbd30dba0f07672a8
# Parent 80df04266a16837e7659b92450f8a564e3da6531
hgweb: document why we don't allow untrusted settings to control zlib Added comment per discussion on mercurial-devel.
diff -r 80df04266a16 -r b1809f5d7630 mercurial/hgweb/protocol.py
--- a/mercurial/hgweb/protocol.py Sun Aug 14 18:37:24 2016 -0700
+++ b/mercurial/hgweb/protocol.py Mon Aug 15 20:39:33 2016 -0700
@@ -74,6 +74,9 @@
 self.ui.ferr, self.ui.fout = self.oldio
 return val
 def groupchunks(self, cg):
+ # Don't allow untrusted settings because disabling compression or
+ # setting a very high compression level could lead to flooding
+ # the server's network or CPU.
 z = zlib.compressobj(self.ui.configint('server', 'zliblevel', -1))
 while True:
 chunk = cg.read(4096)
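Review bot: The new comment in `groupchunks` states the policy but not what enforces it; nothing on the `zlib.compressobj(...)` line reads as "trusted only". The restriction presumably rests on `configint` being called without `untrusted=True`, so a later edit could add that flag without noticing it undoes the protection. Naming the mechanism would make the comment self-checking, for example `# Read server.zliblevel from trusted config only (do not pass untrusted=True): disabling compression or`, followed by the existing second and third lines. The body of `groupchunks` continues past the end of the hunk, so how the compressed chunks are emitted is not visible here.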