Disclaimer for new TinyFD API

Polyfrost · Nov 21, 2023 · 0f7b415 · 0f7b415
1 parent 73c7712
commit 0f7b415
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/main/java/cc/polyfrost/oneconfig/renderer/TinyFD.java b/src/main/java/cc/polyfrost/oneconfig/renderer/TinyFD.java
@@ -5,6 +5,12 @@
 
 import java.io.File;
 
+/**
+ * API for TinyFD, a cross-platform file selection dialog.
+ * <p>
+ * On Linux, TinyFD "allows shell metacharacters in titles, messages, and other input data," meaning that it is vulnerable to command injection.
+ * **Treat all user input as untrusted and sanitize it before passing it to TinyFD.**
+ */
 @SuppressWarnings("unused")
 public interface TinyFD {
     String QUESTION_ICON = "question";