[Github-comments] [geany/geany] Geany's context again (#1836)
LarsGit223
notifications at xxxxx
Sat Apr 21 09:38:51 UTC 2018
If I understood it right this would execute the current selection as a command. IMHO it could be dangerous to execute the selection without any sanitizing checks. A user could accidentally select the context action. In the good case it causes an error message because the selection does not include a meaningful command. But e.g. if the user is editing a bash script it could also be a ```rm``` command. Although this is not very likely the example points out that it can be dangerous to simply execute the current selection as-is without any checks.
So if this would be changed the question arises if we want to protect the user from the above by e.g. having a config option to enable/disable the selection as a command (in case that the action command is empty) or maybe add a whitelist of commands and only execute the selection if the first word is found in the whitelist.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/issues/1836#issuecomment-383281438
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.geany.org/pipermail/github-comments/attachments/20180421/21e8c57f/attachment.html>
More information about the Github-comments
mailing list