harej/hackerpaste

Sanity checks to prevent loading non-text data

Opened this issue · 2 comments

harej commented

Hacker Paste accepts any arbitrary skylink. The skylinks are meant to be text files, but there is nothing stopping the user from loading any other type of file. If the app detects the user trying to open a non-text file it should prevent it.

Do you want hackerpaste to be able to open any skylink that is just text or to only accept skylinks generated by hackerpaste?
Because if the latter, you could do a HEAD request and check if the header skynet-file-metadata contains the paste.txt file.

harej commented

I think it is fine if Hacker Paste opens text files not generated in the app, if for instance someone wants to take an already-uploaded code file and add syntax highlighting and the ability to edit. What I mainly want to avoid is someone (mistakenly) opening an image or other binary object that cannot be represented as UTF-8 text.
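
Added example, not part of the thread or of Hacker Paste's code: one way to reject content that cannot be represented as UTF-8 text before handing it to the editor. The function name `looksLikeText`, its return shape and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example; looksLikeText and the samples below are illustrative
// assumptions, not Hacker Paste code.

// Content types that are never text, so the body need not be inspected.
const BINARY_TYPES = /^(image|audio|video|font)\//i;
// NUL and other C0 controls (tab, LF, VT, FF, CR and ESC are allowed):
// well-formed UTF-8, but a strong sign of binary data.
const CONTROL_CHARS = /[\u0000-\u0008\u000E-\u001A\u001C-\u001F]/;

function looksLikeText(contentType, bytes) {
  const type = (contentType || "").split(";")[0].trim().toLowerCase();
  if (BINARY_TYPES.test(type)) {
    return { ok: false, reason: "binary content type" };
  }
  // The header is only a hint (uploads are often application/octet-stream),
  // so the bytes themselves are always validated.
  let text;
  try {
    // fatal: true makes decode() throw on malformed UTF-8 instead of
    // silently substituting U+FFFD.
    text = new TextDecoder("utf-8", { fatal: true }).decode(bytes);
  } catch (err) {
    return { ok: false, reason: "not valid UTF-8" };
  }
  if (CONTROL_CHARS.test(text)) {
    return { ok: false, reason: "control characters" };
  }
  return { ok: true, text };
}

// Constructed sample inputs.
const SAMPLES = {
  utf8: new TextEncoder().encode("héllo, wörld\n"),
  png: new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]),
  nul: new Uint8Array([0x41, 0x00, 0x42]),
};

for (const [name, bytes] of Object.entries(SAMPLES)) {
  console.log(name, looksLikeText("application/octet-stream", bytes).ok);
}
```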