GitHub/Anki
1
0
Fork 0
mirror of https://github.com/ankitects/anki.git synced 2026-01-13 22:13:58 -05:00
Code Issues Projects Releases Packages 1 Wiki Activity Actions

Add a security note to reduce the chance of a regression

Browse source
This commit is contained in:
Damien Elmes 2025-06-04 18:01:32 +07:00
parent ba25b11e50
commit d930f51a8f
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pylib/anki/sound.py
View file

@ -38,6 +38,9 @@ class SoundOrVideoTag:
Video files also use [sound:...]. Video files also use [sound:...].
SECURITY: We should only ever construct this with basename(filename),
as passing arbitrary paths to mpv from a shared deck is a security issue.
Anki add-ons can supply an absolute file path to play any file on disk Anki add-ons can supply an absolute file path to play any file on disk
using the built-in media player. using the built-in media player.
""" """