You are viewing a single comment's thread from:
RE: Introducing OneLoveDTube IPFS Video Uploader: An alternative way of posting videos onto DTube
Thank you for your contribution.
- It looks to me that uploader.js at client side so it is possible that users could modify the
beneficiariesvalue? generatePermlinkis not random enough, there may be collision. It is better to provide something more universal unique randomness e.g. GUIDShell.execmay expose security issues if you don't check and wrap your parameters e.g. filename- It is not necessary to upload
node_modulesto git.
Overall, nice piece of work!
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]
Thank you for your valuable feedback!
This can be a small fix by getting value from server, then returning that value together with the resulting IPFS hashes. I didn't know that it can be changed through inspect element!
My
generatePermlink()works the same way as how DTube generates permlinks here, so perhaps they need to think about this too.Probably I need to sanitize ShellJS exec parameters 🤔
Thank you for your review, @justyy! Keep up the good work!