dalai icon indicating copy to clipboard operation
dalai copied to clipboard

Published 20 hours ago verified publisher icon cocktailpeanut

Stop using the shell to run commands

Open myyk opened this issue 1 year ago • 1 comments

This prevents RCE with $(...) syntax, and makes the regex escaping functions unnecessary, and the code slightly cleaner.

Fixes #287

Manually tested on Ubuntu running locally.

Setup: image

Before: image

After: image

myyk avatar Mar 29 '23 08:03 myyk

why is this not merged? seems like a huge security flaw, especially when you have untrusted user input in the prompt and the output.

suspicious-pineapple avatar Apr 18 '23 15:04 suspicious-pineapple