Permalink
Browse files

manpage: update --playlist comments

Using the --playlist option is no longer recommended.

A while ago, mpv rewrote all playlist parsers and added some minimal
security mechanisms (like not allowing local file access or unsafe
protocols in remote playlists). Further, mpv can load playlists by
passing them as normal file arguments, without the option.

Now, --playlist is needed only in these situations:
1) loading plaintext files
2) disabling additional security mechanisms
   (e.g. using a remote playlist to play local files)
  • Loading branch information...
wm4
wm4 committed Nov 2, 2014
1 parent 0c3df23 commit 95a5624946f3a6be3c7b79badebf1829f4633539
Showing with 10 additions and 9 deletions.
  1. +1 −2 DOCS/man/mpv.rst
  2. +9 −7 DOCS/man/options.rst
@@ -12,8 +12,7 @@ a media player
SYNOPSIS
========

| **mpv** [options] [file|URL|-]
| **mpv** [options] --playlist=PLAYLIST
| **mpv** [options] [file|URL|PLAYLIST|-]
| **mpv** [options] files

DESCRIPTION
@@ -128,21 +128,23 @@ Playback Control
no format is detected, t will be treated as list of files, separated by
newline characters. Note that XML playlist formats are not supported.)

You can play playlists directly and without this option, however, this
option disables any security mechanisms that might be in place. You may
also need this option to load plaintext files as playlist.

.. warning::

The way mpv uses playlist files is not safe against maliciously
constructed files. Such files may trigger harmful actions.
The way mpv uses playlist files via ``--playlist`` is not safe against
maliciously constructed files. Such files may trigger harmful actions.
This has been the case for all mpv and MPlayer versions, but
unfortunately this fact was not well documented earlier, and some people
have even misguidedly recommended use of ``--playlist`` with untrusted
sources. Do NOT use ``--playlist`` with random internet sources or files
you do not trust!

The main problem is that playlists can point to arbitrary network
addresses (including local addresses inside of your LAN), and thus
can't be considered secure. Playlists also can contain entries using
other protocols, such as local files, or (most severely), special
protocols like ``avdevice://``, which are inherently unsafe.
Playlist can contain entries using other protocols, such as local files,
or (most severely), special protocols like ``avdevice://``, which are
inherently unsafe.

``--chapter-merge-threshold=<number>``
Threshold for merging almost consecutive ordered chapter parts in

0 comments on commit 95a5624

Please sign in to comment.