summaryrefslogtreecommitdiff
path: root/vendor/github.com/toqueteos/webbrowser/webbrowser.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/toqueteos/webbrowser/webbrowser.go')
-rw-r--r--vendor/github.com/toqueteos/webbrowser/webbrowser.go8
1 files changed, 5 insertions, 3 deletions
diff --git a/vendor/github.com/toqueteos/webbrowser/webbrowser.go b/vendor/github.com/toqueteos/webbrowser/webbrowser.go
index f4f19b6b3..5a0a4aa7a 100644
--- a/vendor/github.com/toqueteos/webbrowser/webbrowser.go
+++ b/vendor/github.com/toqueteos/webbrowser/webbrowser.go
@@ -30,9 +30,11 @@ type Browser interface {
}
// Open tries to open a URL in your default browser ensuring you have a display
-// set up and not running this from SSH. NOTE: This may cause your program to
-// hang until the browser process is closed in some OSes, see
-// https://github.com/toqueteos/webbrowser/issues/4.
+// set up and not running this from SSH.
+// NOTE: This may cause your program to hang until the browser process is closed in
+// some OSes, see https://github.com/toqueteos/webbrowser/issues/4.
+// SECURITY(windows): Do not use a file:// URLs pointing to an executable, this
+// can execute programs, see https://github.com/toqueteos/webbrowser/issues/10
func Open(s string) (err error) {
if len(Candidates) == 0 {
return ErrNoCandidates
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-02 10:54:17 +0000