As a minimum:
txt
csv
tsv
log
json
svg
png
jpeg
ipynb
md
html
pdf
My main thinking for this is that R objects often contain the arguments that were passed to them, such as data frames (and sometimes entire environments). This is Bad because a user might be tempted to release that object out of L4 for local processing, without realising the security implications. For example a ggplot object contains the data used to plot the object, even if the plot is for lower dimension derivations of the data like a density plot or a chart showing pairwise correlations. There are lots of other examples.
GitHub's 100mb file limit won't catch everything, especially with compression. Assuming a whitelist is probably safer than a blacklist.
Arguably html, md and pdf could contain disclosive info that isn't visible when rendered but I think that's a separate issue.
May need a system to request additional file types.
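A sketch of the whitelist check proposed in the issue above, added here as an example and not code from the project. The allowlist is the issue's minimum list; the function names and the sample file list are assumptions made for illustration.

```python
from pathlib import PurePosixPath
from typing import Dict, Iterable, Optional

# Minimum allowlist from the issue (lower-case, no leading dot).
ALLOWED = frozenset(
    "txt csv tsv log json svg png jpeg ipynb md html pdf".split()
)


def classify(path: str) -> Optional[str]:
    """Return None if the file type is allowlisted, else the reason it is not."""
    # Only the final suffix counts, so "data.csv.gz" is judged as "gz".
    # Dotfiles such as ".RData" have no suffix and are rejected by default.
    suffix = PurePosixPath(path).suffix.lstrip(".").lower()
    if not suffix:
        return "no extension"
    if suffix not in ALLOWED:
        return f"extension '{suffix}' not on allowlist"
    return None


def review(paths: Iterable[str]) -> Dict[str, str]:
    """Map each rejected path to its reason; allowlisted paths are omitted."""
    rejected = {}
    for p in paths:
        reason = classify(p)
        if reason is not None:
            rejected[p] = reason
    return rejected


# Constructed sample: the kind of file list a pre-release check would receive.
SAMPLE = [
    "results/summary.csv",
    "figures/density.PNG",      # case-insensitive match, allowed
    "figures/density_plot.rds", # serialised R object, e.g. a saved ggplot
    ".RData",                   # saved workspace, no extension
    "export/data.csv.gz",       # compressed, final suffix is not listed
    "notebooks/analysis.ipynb",
]

if __name__ == "__main__":
    for path, reason in review(SAMPLE).items():
        print(f"BLOCK {path}: {reason}")
```

The check is name-based only and does not inspect file contents, which matches the issue's scope of treating hidden content in html, md and pdf as a separate problem.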