Security consequences of passing include_loader (and supporting mj-include) not being warned about?Β #588
{{ message }}
Security consequences of passing
include_loader (and supporting mj-include) not being warned about?Β #588
Hi! Thanks for sharing this project as software libre! π
It has come to my attention that use of loaders
http_loaderandlocal_loaderis showcased in the docs without any mention of security consequences. I do find security notes in the related implementation but not in places targeting end users. Are you aware?PS: Kudos for not enabling
mj-includeby default πBest, Sebastian