Hi, I was thinking about the implications of giving a user write access to a subtree of the repository. With that access the user could now upload a new script and create a node that invokes that script when rendered.
What if the script contains something like System.exit(1)? Or something even more malicious? Do we have mechanisms for preventing attack scenarios like that? BR, Jukka Zitting
