Allow plugin nuget dependencies #102
Comments
|
Is it required though? I mean, we could load foreign assemblies (DLLs) too that the user installs part of a plugin. They should only be loaded if the assembly is being depended upon by another plugin. I can only imagine being useful if the user loads a "source code" plugin. |
|
"Source code" plugins are the main target of this issue. |
|
In all honesty, don't source code plugins have like- a security concern? |
|
Don't all of them? |
|
More like the opposite, because you can be sure you're not running hidden code, cause you compile the plugin yourself. |
|
Fair, but an update on a github repo would mean the new version would get compiled. A new update can introduce malicious code. Unless they don't auto update, of course. |
|
Well, at the moment, the way we deal with malicious code is that we disallow referencing certain assemblies. I don't know if it's possible to, for example, remove local files without In the past I've worked on other projects involving uMod, which is doing something similar. I think that they used Regex on the source code, to detect if any blacklisted namespaces were present, but the implementation is not as important here. |
|
@Naamloos Maybe you could add "Server development" category to GitHub discussions and open "Plugins security concerns"? Or just open another issue specifically for it. |
|
can i get assigned to this issue? |
|
Closing this as it was done with #436 |
Allow Obsidian plugins to have nuget dependencies. They should be correctly:
There might be a problem with versioning?
Related StackOverflow post
MSDN
The text was updated successfully, but these errors were encountered: