> Though some keymap authors define their own operators & menus, so we > wouldn't want to drop support for Python keymaps entirely.
Wouldn't this be more in the addon territory? I'm sure those keymap authors could write an addon as well. 2015-06-10 1:33 GMT-03:00 Campbell Barton <[email protected]>: > On Wed, Jun 10, 2015 at 9:59 AM, Diego Gangl <[email protected]> wrote: > > Hi guys, > > > > There's something that's been on my mind recently, keymaps and presets > are > > python files that run whatever code is in them everytime they are used. > > > > I tried pasting this code in the middle of a keymap file: > > > > from subprocess import Popen > > Popen('touch ~/boo.test', shell=True) > > > > and sure enough the file boo.test is created. Are there any limitations, > or > > checks when running these files? Because it looks like it would be easy > for > > someone to hide malicious code in there (not trying to sound like RMS > :) ) > > > > Presets/keymaps are often shared online, and users can't be expected to > > inspect these files for evilness. Why not use json or some other data > > format? > > > > Cheers! > > Hi Diego, yes, this is a real issue, we could use JSON/XML (as we do > already for themes). > > Though some keymap authors define their own operators & menus, so we > wouldn't want to drop support for Python keymaps entirely. > _______________________________________________ > Bf-committers mailing list > [email protected] > http://lists.blender.org/mailman/listinfo/bf-committers > _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
