Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Update _twisted completion



On Feb 4, 11:48am, Eric P. Mangold wrote:
}
} Well, this is what we do, and it's what we've been doing. Getting
} the code dynamically over stdin isn't much different than locating
} arbitrary completion functions inside the Twisted directory and
} executing them.

I have to agree with Phil here.  Completion functions in a directory can
be examined to increase confidence they're trustworthy, and are subject
to normal runtime security checks.  Eval'in a string provided on stdout
leaves the shell open to additional attacks.
 
} If it were that easy, perhaps we would already have "completion
} descriptors" instead of "completion functions" ;)

To a fair extent, we do.  That's what the parameters of _arguments are,
after all.



Messages sorted by: Reverse Date, Date, Thread, Author