Add warning from upstream about TinyFD

Polyfrost · Nov 18, 2024 · 2d33d2f · 2d33d2f
1 parent af5498d
commit 2d33d2f
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/modules/ui/src/main/java/org/polyfrost/oneconfig/api/ui/v1/api/TinyFdApi.java b/modules/ui/src/main/java/org/polyfrost/oneconfig/api/ui/v1/api/TinyFdApi.java
@@ -32,6 +32,12 @@
 
 import java.nio.file.Path;
 
+/**
+ * API for TinyFD, a cross-platform file selection dialog.
+ * <p>
+ * On Linux, TinyFD "allows shell metacharacters in titles, messages, and other input data," meaning that it is vulnerable to command injection.
+ * **Treat all user input as untrusted and sanitize it before passing it to TinyFD.**
+ */
 @SuppressWarnings("unused")
 public interface TinyFdApi {
     String QUESTION_ICON = "question";