Sanity checks to prevent loading non-text data
Hacker Paste accepts any arbitrary skylink. The skylinks are meant to be text files, but there is nothing stopping the user from loading any other type of file. If the app detects the user trying to open a non-text file it should prevent it.
Do you want hackerpaste to be able to open any skylink that is just text or to only accept skylinks generated by hackerpaste?
Because if the latter, you could do a HEAD request and check if the header skynet-file-metadata contains the paste.txt file
I think it is fine if Hacker Paste opens text files not generated in the app, if for instance someone wants to take an already-uploaded code file and add syntax highlighting and the ability to edit. What I mainly want to avoid is someone (mistakenly) opening an image or other binary object that cannot be represented as UTF-8 text.
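One way to implement the check this thread asks for, as an added example that is not Hacker Paste's code and not part of any comment above: reject clearly binary content types early, then treat strict UTF-8 decoding of the downloaded bytes as the authoritative test. The function names, the 1 MiB limit and the sample byte arrays are assumptions constructed for illustration.

```javascript
// Added example (hypothetical names, not Hacker Paste's own code).
const MAX_PASTE_BYTES = 1024 * 1024; // assumed size limit for a paste

// Cheap pre-check on a Content-Type value (e.g. from a HEAD response).
// Only obviously binary families are rejected here: an uploaded code file
// may be served as application/octet-stream, so the byte check decides.
function looksBinaryByContentType(contentType) {
  if (!contentType) return false;
  const type = contentType.split(";")[0].trim().toLowerCase();
  return /^(image|audio|video|font)\//.test(type);
}

// Authoritative check on the downloaded bytes (a Uint8Array).
function checkPasteBytes(bytes) {
  if (bytes.length > MAX_PASTE_BYTES) return { ok: false, reason: "too-large" };
  let text;
  try {
    // fatal: true throws on invalid or truncated sequences instead of
    // silently substituting U+FFFD, which would hide binary data.
    text = new TextDecoder("utf-8", { fatal: true }).decode(bytes);
  } catch (err) {
    return { ok: false, reason: "not-utf8" };
  }
  // Bytes can be valid UTF-8 and still not be text: NUL and other C0
  // controls (tab, LF and CR excepted) indicate a binary object.
  if (/[\u0000-\u0008\u000B\u000C\u000E-\u001F]/.test(text)) {
    return { ok: false, reason: "control-chars" };
  }
  return { ok: true, text };
}

// Constructed sample inputs.
const SAMPLE_TEXT = new TextEncoder().encode("const héllo = 1;\n\tok\r\n");
const SAMPLE_PNG = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const SAMPLE_NUL = Uint8Array.from([0x61, 0x00, 0x62]);   // "a", NUL, "b"
const SAMPLE_TRUNCATED = Uint8Array.from([0xe2, 0x82]);   // cut-off 3-byte sequence

for (const [name, sample] of Object.entries({
  SAMPLE_TEXT, SAMPLE_PNG, SAMPLE_NUL, SAMPLE_TRUNCATED,
})) {
  const result = checkPasteBytes(sample);
  console.log(name, result.ok ? "accepted" : "rejected: " + result.reason);
}
```

Running the byte check before handing anything to the editor or the syntax highlighter means the app can show an error instead of rendering replacement characters for an image.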