-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added handling of —permit-arguments option #64
Conversation
Hello, In the code, you juste have to change : and : Hope this help. |
8e75d20
to
4617f0a
Compare
Thanks @jcoste I added your code 😊 |
Fix #33 |
What do you think about renaming |
👍 |
4617f0a
to
517e7ed
Compare
👌 |
👍 |
1d03804
to
e3455ef
Compare
Hi, thank you for the PR and sorry for the delay to reply. I'm still not sure wether this approach is safe or not. If the given file to VIM is "/proc" or something, the command might leak secret information. To avoid security risks by restricting possible parameters, we may implement regular expression filters or white lists, but that makes gotty really complicated. So I'm feeling like when you need dynamic configuration of the gotty command, writing a custom wrapper script/application might be a better way like https://github.com/Arno0x/TermGate. Could you present some actual use cases for which you need this feature? |
This feature mimics the tty.js Thanks to this dynamic tty.js executes a custom program we wrote which parses (and check) arguments I don't understand how using TermGate:
In my opinion, giving access to The GoTTY user needs to take care of the program he gives access to, and if he wants to allow parameters passing, he also needs to think about security issues it involves A message in the |
@moul TermGate is just an example that shows you can implement arguments in a wrapper. If you want, you can implement some logic to filter arguments in your wrapper. |
Like @moul I find this PR very useful. The Gotty user is responsible of the program he gives acces to. And @QuentinPerez puts a flag to enable this mechanism! It's not enabled by default. I don't want to develop a wrapper around Gotty like TermGate if this little PR can do the job. |
Thank you for the comments. Ok, I'm now thinking this option would be useful for many use cases. |
Hi @yudai, I can propose you other ways, what do you think about: ?arg[]=AAA&arg[]=BBB&arg[]=CCC%20CCC
?args=[“AAA”,”BBB”,”CCC%20CCC”] Or if you have another way, feel free to propose 😄 |
hi @QuentinPerez, I checked some specs to find a standard way to send arrays in URL arguments, however it looks there is no formal way for it. |
30efee2
to
15ba854
Compare
I updated the PR 😉 |
f32f08a
to
7715f93
Compare
Could you rebase to the master? There are some conflicts. |
15ba854
to
a4e77b2
Compare
Done |
Added handling of —permit-arguments option
Thanks! Merged! |
Hi,
I do this PR to handle parameters with the
permit-arguments
flag.Example:
$> gotty --permit-arguments vim
You can pass argument like this :
http://server.exmple.com:8080/?params=file1¶ms=file2