From 2d33d2f5adf92ef81042a6528985b20b30c3e92d Mon Sep 17 00:00:00 2001
From: ev chang
Date: Mon, 18 Nov 2024 10:02:26 -0500
Subject: [PATCH] Add warning from upstream about TinyFD
---
 .../org/polyfrost/oneconfig/api/ui/v1/api/TinyFdApi.java | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/modules/ui/src/main/java/org/polyfrost/oneconfig/api/ui/v1/api/TinyFdApi.java b/modules/ui/src/main/java/org/polyfrost/oneconfig/api/ui/v1/api/TinyFdApi.java
index c037a9b46..06807735d 100644
--- a/modules/ui/src/main/java/org/polyfrost/oneconfig/api/ui/v1/api/TinyFdApi.java
+++ b/modules/ui/src/main/java/org/polyfrost/oneconfig/api/ui/v1/api/TinyFdApi.java
@@ -32,6 +32,12 @@ import java.nio.file.Path;
+/**
+ * API for TinyFD, a cross-platform file selection dialog.
+ *

+ * On Linux, TinyFD "allows shell metacharacters in titles, messages, and other input data," meaning that it is vulnerable to command injection.
+ * **Treat all user input as untrusted and sanitize it before passing it to TinyFD.**
+ */
 @SuppressWarnings("unused")
 public interface TinyFdApi {
 String QUESTION_ICON = "question";
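Review bot: The new class Javadoc on `TinyFdApi` asks callers to "sanitize" input but does not say what that means, and nothing in this hunk enforces it, so each call site has to get shell quoting right on its own. The comment should name the arguments the upstream warning covers (titles, messages and the other input data it mentions) and state the accepted character set or the rejection rule, for example `* <b>Titles, messages, default paths and filter descriptions must not contain shell metacharacters; reject such input before calling any method of this interface.</b>`. Validating once in the implementing class would be a stronger control than a documentation-only warning, though that class is not visible here. Separately, `**…**` is Markdown and Javadoc will render the asterisks literally, so `<b>…</b>` is the form to use. The interface body continues outside the hunk.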