@elextr: what I mean was that now the command is stored in ```command``` and nothing will be executed at all if ```command``` is empty. So right now the selection in ```%s``` is not checked but it is only used as command parameters. Therefore there is a certain check because someone needs to have configured the value of ```command```. With the change suggested the risk is different IMHO.
Yes right now someone could select ```; rm -rf /``` but I thought of the risk by having a word selected and accidentally run the context menu. A combination like ```; rm -rf /``` needs to be selected explicitly as it not just a word. But I am not picky on this, just wanted to point it out. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/geany/geany/issues/1836#issuecomment-383287685
