On 4/19/12, Albert Astals Cid <[email protected]> wrote: > > So you say "NEVER EVER exposing anything to raw unfiltered user input" and > at the same time argue we can do it and it's fine? >
Sorry for the poor wording: front-end may not expose anything of the back-end to raw unfiltered user input. What I wanted to say, in the hypothetical scenario of pdftohtml running in the back-end, it will never see any invalid device name. But if you consider pdftohtml to be a front-end to gs, then, yes, you are right. _______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
