[FFmpeg-devel] [PATCH] avformat/hls: Check file extensions

[Nicolas George]

Le quintidi 15 prairial, an CCXXV, Hendrik Leppkes a écrit :
> I object to breaking a functioning protocol in the name of some
> obscure social-engineering attack.

I agree, this issue is negligible. As was the issue about the concat
protocol.

But we obviously have many similar issues all over the place, and some
of them are probably worth worrying.

We need to start thinking NOW about a global solution to track the
origin of data and prevent leakage. Maybe something similar to Perl's
taint check, or to Windows's security zones (I know nothing about them
except something like that exist), or toweb browsers anti-cross-site
scripting mechanisms.

And that was WE, not I. I am not competent to do it alone.

Regards,

-- 
  Nicolas George