script: ability in playlist should be hardened
Brought to you by:
shaneh
Menu
▾
▴
#9 script: ability in playlist should be hardened
The ability to run scripts from the script:// syntax in the
playlist is a potential security hole. For example a .pls
file could have an entry which runs a script on your
computer which deletes files etc. Someone could
launch a .pls file from the internet or a network, but
winamp probably asks first.
Currently it only lets you run scripts in teh scripts
directory, but you could get it run other scripts by
using "..\..\..\..\windows\bad.vbs" etc. It should offer
protection against "..". It is assumed there is no "bad"
scripts in the scripts directory.
It might be a good idea to let users turn this feature off.
