Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • VLC VLC
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 3,784
    • Issues 3,784
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 251
    • Merge requests 251
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • VideoLANVideoLAN
  • VLCVLC
  • Issues
  • #1371
Closed
Open
Issue created Nov 20, 2007 by Rémi Denis-Courmont@CourmischMaintainer

Security issue: browser plugins input

As pointed out by Quovodis, browsers plugins must not be allowed to specify arbitrary input item options. In particular, controlling stream output is a big no no (writting to arbitrary files or to the network from web pages).

As far as I can tell, the simplest solution is to not allow items that start with a colon when initializing libvlc. However, it remains questionable whether even specifying arbitrary inputs should be allowed.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking

VideoLAN code repository instance