manolomartinez / greg

A command-line podcast aggregator
GNU General Public License v3.0

code injection? #85

Open kousu opened 6 years ago

kousu commented 6 years ago

Have you thought through points where greg could be subject to code injection? I'm thinking about what happens if you combine placeholders (with values taken from remote files) with a custom downloadhandler. What happens if someone sets {title} = abc; rm -rf ~/*; ls?

I see you use subprocess for this, so I think that should protect against it, but I'm not 100% sure. And there could be other injection points in the code too. Just something to think about.
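As an added illustration of the concern raised above (example code, not greg's own; greg's real download handler is not shown here, so the template syntax, placeholder names and sample feed values are assumptions), the string-substitution pattern that would be vulnerable under shell=True next to an argv-based one, plus a tokenizer check that shows how many commands a POSIX shell would see in the rendered string:

```python
import shlex
import subprocess

# Constructed sample fields standing in for values parsed from a remote feed.
# The title carries shell metacharacters but nothing destructive.
FEED_FIELDS = {
    "title": "abc; echo injected; ls",
    "link": "http://example.invalid/episode.mp3",
}

# A hypothetical download handler template with placeholders.
HANDLER_TEMPLATE = "wget -O {title}.mp3 {link}"


def render_unsafe(template: str, fields: dict) -> str:
    """Vulnerable pattern: fill placeholders into one string destined for a
    shell (subprocess.call(cmd, shell=True)). A ';' in a field becomes a
    command separator on that line."""
    return template.format(**fields)


def render_argv(template: str, fields: dict) -> list:
    """Hardened pattern: tokenize the template first, then substitute into
    each argv element. No shell parses the field values, so a value
    containing ';' stays a single argument."""
    return [token.format(**fields) for token in shlex.split(template)]


def count_shell_commands(cmdline: str) -> int:
    """Estimate how many commands a POSIX shell would run for this line by
    counting ';' separators as the shell tokenizes them (Python 3.8+)."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return 1 + sum(1 for tok in lexer if tok == ";")


def run_handler(template: str, fields: dict) -> str:
    """Run the rendered argv without a shell and return its stdout."""
    argv = render_argv(template, fields)
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    unsafe = render_unsafe(HANDLER_TEMPLATE, FEED_FIELDS)
    print("shell string:", unsafe, "->", count_shell_commands(unsafe), "commands")
    print("argv:", render_argv(HANDLER_TEMPLATE, FEED_FIELDS))
    # echo stands in for the downloader: the title arrives as one intact argument.
    print(run_handler("echo {title}", FEED_FIELDS), end="")
```

Passing a list to subprocess without shell=True is what keeps the metacharacters inert; a value that begins with "-" can still be read as an option by the invoked program, so filenames built from feed data need their own validation.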