Reedy added a project: Security. Reedy added a comment.
While I'm happy for allowing an array of paths (that makes perfect sense), the relative-ness does give cause for concern What's to stop a malicious extension reading arbitrary files from disk, and then doing whatever with them? TASK DETAIL https://phabricator.wikimedia.org/T231855 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Reedy Cc: Reedy, matthiasmullie, Aklapper, Hook696, Daryl-TTMG, RomaAmorRoma, 0010318400, E.S.A-Sheild, darthmon_wmde, JFishback_WMF, Dsharpe, Meekrab2012, joker88john, DannyS712, CucyNoiD, Nandana, NebulousIris, sbassett, Gaboe420, Versusxo, Majesticalreaper22, Giuliamocci, Adrian1985, Cpaulf30, Lahi, Gq86, Af420, Ramsey-WMF, Darkminds3113, Bsandipan, Lordiis, GoranSMilovanovic, Adik2382, Jayprakash12345, Th3d3v1ls, Ramalepe, Liugev6, QZanden, HJiang-WMF, LawExplorer, WSH1906, Lewizho99, Maathavan, _jensen, rosalieper, dpatrick, MGChecker, Luke081515, Wikidata-bugs, aude, GWicke, Bawolff, Stype_and_Co.-WMF, DerHexer, Jalexander, Parent5446, Anomie, Grunny, Jdforrester-WMF, MaxSem, csteipp, Mbch331, Rxy, Jay8g, Krenair, Legoktm, chasemp
_______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
