l3tchupkt commented on PR #9215: URL: https://github.com/apache/pouchdb/pull/9215#issuecomment-4186381729
The regex ^[^<>:"|?*]+$ was intended to block dangerous filesystem characters, but I realize it doesn't sufficiently prevent path traversal (e.g., ../). A more robust fix will require explicit checks to constrain names to a safe namespace. Since risks vary between filesystem and browser-based adapters, I will also look into adapter-specific validation. I am happy to adjust the PR accordingly. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
