Points taken from #13 for future reference:
I think in the longer term we should be accepting text file types other than Markdown, e.g. if you have a Python script that gets included in a LaTeX/Markdown document, it definitely helps to allow .py. The CodeMirror editor has highlighting modes built in for lots of file types, including .py, but we currently load only the markdown mode.
The usual file naming issues that come up are around security (see https://www.owasp.org/index.php/Unrestricted_File_Upload for a good discussion) and cross-platform compatibility (e.g. a colon is valid in a Unix file name, but it's not valid in a Windows file name).
We'll also have image files (.png, etc.) and technically you could rename one of those to .md and then try to edit it as text and get junk. So there's a need to check whether a file is text or binary before trying to load it into the editor. I've read that git just says that a file is binary if there is an ASCII null character anywhere in the first 8KB, which is a simple but apparently effective heuristic.
We also need to think about subfolders, which we don't currently do anything special with. I think allowing "/" in the file names should work with the back end code in the Repo class (and it checks for ../ and similar, which can lead to directory traversal attacks).
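An added example, not code from this project or its Repo class: one way to combine the checks raised in the issue above (subfolders via "/", no directory traversal, names that are also valid on Windows, and the NUL-byte binary test attributed to git). The function names, the extension allow-list and the sample inputs are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

ALLOWED_EXT = {".md", ".tex", ".py", ".txt"}  # assumed allow-list of text types
# Characters Windows forbids in file names, plus backslash and control bytes.
BAD_CHARS = re.compile(r'[<>:"\\|?*\x00-\x1f]')
# Windows device names are reserved with or without an extension.
RESERVED = {"con", "prn", "aux", "nul"} | {
    f"{dev}{n}" for dev in ("com", "lpt") for n in range(1, 10)}
SNIFF_BYTES = 8000  # size of the leading window git inspects (about 8KB)


def validate_repo_path(name):
    """Return the relative path unchanged if it is safe, else raise ValueError."""
    if not name or name.startswith("/") or BAD_CHARS.search(name):
        raise ValueError("empty, absolute, or contains a forbidden character")
    parts = name.split("/")
    for part in parts:
        # Rejects "", ".", "..", dot-files such as ".git", and names with
        # leading or trailing dots or spaces.
        if not part or part != part.strip(" ."):
            raise ValueError(f"bad path component: {part!r}")
        if part.split(".")[0].lower() in RESERVED:
            raise ValueError(f"reserved device name: {part!r}")
    if PurePosixPath(parts[-1]).suffix.lower() not in ALLOWED_EXT:
        raise ValueError("file type not on the allow-list")
    return name


def looks_binary(data):
    """git-style heuristic: any NUL byte in the leading window means binary."""
    return b"\x00" in data[:SNIFF_BYTES]


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["chapters/intro.md", "figs/plot.py", "../secret.md",
                      "a/../../b.md", "C:/notes.md", "NUL.txt", "shell.php"]:
        try:
            print("accept", validate_repo_path(candidate))
        except ValueError as err:
            print("reject", repr(candidate), "-", err)
    png_renamed_to_md = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"  # constructed
    print(looks_binary(png_renamed_to_md), looks_binary(b"# Title\n"))
```

Text saved as UTF-16 contains NUL bytes, so this heuristic classifies it as binary; a NUL that first appears after the sniff window is not detected.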