On Fri, Jun 12, 2015 at 12:58 AM, Diego Gangl <[email protected]> wrote: >> Even with JSON or XML you could create a malicious keymap. For example >> you could use an operator to type any text into the text editor and >> execute it, and assign that to a commonly used key shortcut. It just >> requires a bit more creativity. > > There isn't an operator that will do all these steps (make a new text, > insert some text, run script). It would have to be added in a different way > before putting it in the keymap.
Key-maps can define macros too. >> I'm not really sure why switching to any other format of storing keymaps >> will help in any way > > Data formats are parsed, not executed. > > >> The thing is, even if the keymapare safe, you're still having risk when >> installing someone's addon or even opening the .blend file. > > Like Marc said, there's the Auto-run option for blend files. > Users know they are running something when they install an addon, and > there's usually more eyes on the source (mostly from people trying to > figure out stuff). _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
