Have you thought through points where greg could be subject to code injection? I'm thinking about what happens if you combine placeholders (with values taken from remote files) with a custom downloadhandler. What happens if someone sets {title} = abc; rm -rf ~/*; ls?
I see you use subprocess for this, so I think that should protect against it, but I'm not 100% sure. And there could be other injection points in the code too. Just something to think about.
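The injection scenario raised in the issue, worked through as an added defensive example (this is my code, not greg's). It assumes a hypothetical handler template `downloader --title {title} {url}` and uses the Python interpreter as a stand-in for the custom download handler, so that the argument vector the child process actually receives can be inspected. The title value is the one from the issue; it is only ever passed as data and is never handed to a shell.

```python
import json
import shlex
import subprocess
import sys

# Constructed sample inputs: the title is the value quoted in the issue, exactly
# as a hostile feed could supply it. It is passed as an argument only.
TEMPLATE = "downloader --title {title} {url}"   # hypothetical handler template
VALUES = {
    "title": "abc; rm -rf ~/*; ls",
    "url": "https://example.invalid/episode.mp3",
}


def render_for_shell(template: str, values: dict) -> str:
    """The risky pattern: substitute placeholders into a single string.

    If this string were handed to a shell (subprocess with shell=True, os.system),
    the ';' inside the title would end the first command and start another.
    It is returned here for inspection only and is deliberately never executed.
    """
    return template.format(**values)


def build_argv(template: str, values: dict) -> list:
    """The safe pattern: tokenise the *template* with shlex first, then fill each
    placeholder per token. Metacharacters inside a value never get a chance to
    split tokens or chain commands, because no shell ever parses the value."""
    return [token.format(**values) for token in shlex.split(template)]


def run_handler(argv: list) -> list:
    """Launch the handler's argv without a shell and return what the child saw.

    The Python interpreter stands in for the real download handler: it simply
    echoes its own sys.argv[1:] as JSON, so we can verify that the hostile title
    arrived as one single argument rather than as three commands.
    """
    echo = "import json, sys; print(json.dumps(sys.argv[1:]))"
    proc = subprocess.run(
        [sys.executable, "-c", echo, *argv],   # list form: no shell involved
        capture_output=True, text=True, check=True,
    )
    return json.loads(proc.stdout)


def shell_safe_string(argv: list) -> str:
    """If a command *string* is unavoidable (a handler that must be run via
    `sh -c`), build it from the argv with shlex.join, which quotes each token."""
    return shlex.join(argv)


if __name__ == "__main__":
    print("string template (never run through a shell):", render_for_shell(TEMPLATE, VALUES))
    argv = build_argv(TEMPLATE, VALUES)
    print("argv:", argv)
    print("child received:", run_handler(argv))
    print("quoted string:", shell_safe_string(argv))
```

The point of `run_handler` is the one the issue guesses at: with the list form of `subprocess`, the whole title arrives in the child as one `argv` element and the `;` is plain text. Two caveats a reviewer would still check in greg: a template containing literal braces other than placeholders will raise `KeyError` from `str.format`, so templates should be validated, and the list form only protects the launch; whether the handler program itself interprets its arguments safely is a separate question, which is the "other injection points" the issue mentions.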