godotengine / godot-demo-projects

Demonstration and Template Projects
https://godotengine.org
MIT License

Add checks to the saving and loading demo to prevent deserializing Objects #939

Closed jtnicholl closed 1 year ago

jtnicholl commented 1 year ago

ConfigFile's parse/load methods and str_to_var can deserialize objects, and their _init methods execute immediately. This is something I've seen discussed online, but it's not well documented. Checking that the text does not contain "Object(" before parsing is an easy way to prevent this and avoid malicious code.
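As an added illustration of the guard described above (example code written for this page, not part of the demo project or the PR), the following Godot 4 GDScript wraps `ConfigFile.parse()` and `str_to_var()` so that text containing a serialized `Object(` is rejected before anything is instantiated. The save path `SAVE_PATH` and the `player`/`level` keys are assumed placeholders; the `FileAccess`, `ConfigFile`, `error_string()` and `String.contains()` calls are standard Godot 4 API.

```gdscript
# Added example, not from the original project: refuse to deserialize text that
# would construct Objects (and therefore run their _init) on load.
extends Node

const SAVE_PATH := "user://save.cfg"  # assumed placeholder path

# True if the serialized text contains an Object constructor.
static func contains_object(text: String) -> bool:
	return text.contains("Object(")

# Reads a ConfigFile from disk but parses it only after the Object check.
# Returns null on any failure so callers can fall back to defaults.
static func load_config_safely(path: String) -> ConfigFile:
	var file := FileAccess.open(path, FileAccess.READ)
	if file == null:
		push_error("Could not open %s: %s" % [path, error_string(FileAccess.get_open_error())])
		return null
	var text := file.get_as_text()
	file.close()
	if contains_object(text):
		push_error("Refusing to load %s: serialized Object found" % path)
		return null
	var config := ConfigFile.new()
	var err := config.parse(text)
	if err != OK:
		push_error("Could not parse %s: %s" % [path, error_string(err)])
		return null
	return config

# Same guard for a single Variant encoded with var_to_str().
static func str_to_var_safely(text: String) -> Variant:
	if contains_object(text):
		push_error("Refusing to deserialize: serialized Object found")
		return null
	return str_to_var(text)

func _ready() -> void:
	var config := load_config_safely(SAVE_PATH)
	if config != null:
		var level: int = config.get_value("player", "level", 1)
		print("Loaded level %d" % level)
	# Constructed sample inputs: a plain value and an Object literal.
	print(str_to_var_safely("Vector2(1, 2)"))
	print(str_to_var_safely('Object(Node,"name":"x")'))
```

The check is a plain substring match, so it also rejects an otherwise harmless string value that happens to contain `Object(`; for save data that is an acceptable trade, since the failure mode is a refused load rather than code executing at parse time.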

jtnicholl commented 1 year ago

I decided that I don't believe a check like this should be necessary and opened godotengine/godot#80562 instead. If that issue is closed as not planned I'll reopen.