author: Slatian <baschdel@disroot.org> 2023-11-27 21:15:42 +0100
committer: Slatian <baschdel@disroot.org> 2023-11-27 22:02:37 +0100
commit: 1e2ec2446b55854b36f2fd2c52778d3e7dda08f8 (patch)
tree: 85539474f7759535be1d01750bff7972c4a03da9
parent: 2e88ae60c7e663789f47f5ef4e7ad4bdc83f1ae6 (diff)
Added a security note on xdg-mime default to warn against confusing openers and runners
-rw-r--r-- scripts/desc/xdg-mime.xml 6
1 files changed, 6 insertions, 0 deletions
diff --git a/scripts/desc/xdg-mime.xml b/scripts/desc/xdg-mime.xml
index 54b0922..f3eba17 100644
--- a/scripts/desc/xdg-mime.xml
+++ b/scripts/desc/xdg-mime.xml
@@ -145,6 +145,12 @@ and adding descriptions for new file types</refpurpose>
actual default handler for a specific file type.
</simpara>
<simpara>
+ <emphasis>Security Note:</emphasis> Never set a handler that will blindly execute code or commands from the file being handled. Such behaviour will sooner than later lead to unintended code execution i.e. through a curious user trying to inspect a freshly downloaded file but running it by accident.
+ </simpara>
+ <simpara>
+ Keeping opening and executing separate actions helps with people protecting themselves from malware, the default handler is an opener, not a runner.
+ </simpara>
+ <simpara>
The <emphasis>default</emphasis> option is for use inside a desktop session only.
It is not recommended to use xdg-mime default as root.
</simpara>