Sanity checks to prevent loading non-text data #2

Open
harej opened this issue Oct 27, 2020 · 2 comments

@harej
Owner

harej commented Oct 27, 2020

Hacker Paste accepts any arbitrary skylink. The skylinks are meant to be text files, but there is nothing stopping the user from loading any other type of file. If the app detects the user trying to open a non-text file it should prevent it.

@Delivator
Contributor

Do you want hackerpaste to be able to open any skylink that is just text, or to only accept skylinks generated by hackerpaste?
Because if the latter, you could do a HEAD request and check if the header skynet-file-metadata contains the paste.txt file.

@harej
Owner Author

harej commented Nov 12, 2020

I think it is fine if Hacker Paste opens text files not generated in the app, if for instance someone wants to take an already-uploaded code file and add syntax highlighting and the ability to edit. What I mainly want to avoid is someone (mistakenly) opening an image or other binary object that cannot be represented as UTF-8 text.
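One way to implement the check described in this thread, as an added example that is not part of the original discussion or Hacker Paste's own code: decode the fetched bytes as strict UTF-8 and refuse content that fails to decode or contains binary control characters. The function name, the size limit and the allowed-control-character policy are assumptions made for illustration.

```javascript
// Added example (not Hacker Paste code). looksLikeUtf8Text and
// MAX_PASTE_BYTES are hypothetical names; the 1 MiB limit is an assumption.
const MAX_PASTE_BYTES = 1024 * 1024;

// Control characters tolerated in text: tab, LF, FF, CR (assumed policy).
const ALLOWED_CONTROLS = new Set([0x09, 0x0a, 0x0c, 0x0d]);

function looksLikeUtf8Text(bytes) {
  if (!(bytes instanceof Uint8Array)) {
    return { ok: false, reason: "not-bytes" };
  }
  if (bytes.length > MAX_PASTE_BYTES) {
    return { ok: false, reason: "too-large" };
  }

  let text;
  try {
    // fatal: true makes decode() throw on malformed UTF-8 instead of
    // silently substituting U+FFFD, so images and archives fail here.
    text = new TextDecoder("utf-8", { fatal: true }).decode(bytes);
  } catch (err) {
    return { ok: false, reason: "invalid-utf8" };
  }

  // Some binary data happens to be valid UTF-8 (for example runs of NUL
  // bytes), so also reject C0 control characters and DEL.
  for (let i = 0; i < text.length; i++) {
    const code = text.charCodeAt(i);
    if ((code < 0x20 && !ALLOWED_CONTROLS.has(code)) || code === 0x7f) {
      return { ok: false, reason: "control-char" };
    }
  }
  return { ok: true, text };
}

// Constructed sample inputs: a text snippet and the 8-byte PNG signature.
const sampleText = new TextEncoder().encode("const greeting = 'héllo';\n");
const samplePng = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

console.log(looksLikeUtf8Text(sampleText).ok);
console.log(looksLikeUtf8Text(samplePng).reason);
```

In a browser the bytes would come from `new Uint8Array(await response.arrayBuffer())`, so the check runs before anything is handed to the editor.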
