Comment by oefrha
2 years ago
> assert(";" not in ffmpeg_command)
Well that just made it considerably less useful given that ; is the delimiter in ffmpeg filtergraphs.
Also it doesn't defend against && || \n etc.
Invoking an untrusted string with sh (through os.system()) is kind of a facepalm when you can easily shlex and posix_spawn it.
No comments yet
Contribute on Hacker News ↗