If we pull content from the internet, there are always risks. To mitigate risks, we allowlist urls for valid sources. However, adding new white list urls requires a new GUI build. The extension Store is meant to update independently of the GUI. I think the only solution is to whitelist using glob patterns, ignoring source of github user, and keeping the primary source as github.
If we pull content from the internet, there are always risks. To mitigate risks, we allowlist urls for valid sources. However, adding new white list urls requires a new GUI build. The extension Store is meant to update independently of the GUI. I think the only solution is to whitelist using glob patterns, ignoring source of github user, and keeping the primary source as github.