Include same warning comments from TFD in bindings class

Question

Include same warning comments from TFD in bindings class

ThatGravyBoat opened this issue 6 months ago · 0 comments

Description

TinyFileDialog added a warning at the top of their files saying to not use user input (https://github.com/LWJGL/lwjgl3/blob/master/modules/lwjgl/tinyfd/src/main/c/tinyfiledialogs.c#L50). This is because it could and has been a pathway for vulnerabilities as previous versions of TFD had command injection vulnerabilities (CVE-2020-36767 and CVE-2023-47104).

It would be good to include this warning into the bindings aswell and possibly change the wording as to change it from "Do not use user inputs" to something along the lines of "Do not use untrusted inputs" as its more suitable.

A similar warning was also added to other bindings for TFD such as rust here jdm/tinyfiledialogs-rs#40