We might want to protect loading of certain NodeJS functionality, unless a command-line argument says otherwise. This could be similar to LaTeX's `-shell-escape` and `openin_any`/`openout_any` (see e.g. this).
When we're rewriting modules via Babel, we might override `require` to prevent using `node:fs` or `fs`. (I'm sure there are lists of other dangerous modules too.) Or rewrite that module to exclude writing files, or to check whether written files are in the same directory or outside.
We don't want to limit custom code, and I've definitely used `fs` to read (but not write) .svg files in the past (but this is now much easier via `require`). But we can limit the damage that the code might do (hopefully accidentally).
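One way the guarded `require` described in this issue could look, as an added example that is not part of the original issue or the project's code. The names `makeGuardedRequire`, `guardedFs`, `isInside` and `allowUnsafe`, and the contents of the deny list, are assumptions made for illustration.

```javascript
const fs = require('node:fs');
const path = require('node:path');

// Illustrative deny list (constructed, not exhaustive).
const DENIED = new Set(['child_process', 'fs/promises']);
// The only fs functions exposed to guarded code; anything else is undefined.
const READERS = ['readFileSync', 'readdirSync', 'existsSync', 'statSync'];
const WRITERS = ['writeFileSync', 'appendFileSync', 'mkdirSync'];

// True when `file` resolves to baseDir itself or to a path below it.
function isInside(baseDir, file) {
  if (typeof file !== 'string') return false; // refuse Buffers, URLs, file descriptors
  const rel = path.relative(path.resolve(baseDir), path.resolve(file));
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Reduced fs: reads pass through, writes must stay inside baseDir.
function guardedFs(baseDir) {
  const api = {};
  for (const name of READERS) api[name] = fs[name];
  for (const name of WRITERS) {
    api[name] = (file, ...rest) => {
      if (!isInside(baseDir, file)) {
        throw new Error(`fs.${name} blocked: ${String(file)} is outside ${baseDir}`);
      }
      return fs[name](file, ...rest);
    };
  }
  return Object.freeze(api);
}

// Returns the require() to hand to a rewritten module. `allowUnsafe` stands in
// for the command-line opt-out (hypothetical option name).
function makeGuardedRequire(realRequire, baseDir, { allowUnsafe = false } = {}) {
  if (allowUnsafe) return realRequire;
  return function guardedRequire(id) {
    const name = String(id).replace(/^node:/, '');
    if (name === 'fs') return guardedFs(baseDir);
    if (DENIED.has(name)) {
      throw new Error(`require('${id}') is blocked unless unsafe loading is enabled`);
    }
    return realRequire(id);
  };
}
```

This limits accidental damage and is not a sandbox: symlinks inside the base directory are not resolved, and code can still reach the real modules by other routes such as `import()`.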