Discussion on whether there is a possibility of destructiveness in using scripts in the FastReport t
Esteemed Administrators:
I often download fr3 format templates or excellent fr3 templates created by others to incorporate into my projects.
In this, I have some concerns, because I know Pascal script is supported and I have even seen support for js scripts etc. I have also seen in the help documentation that custom functions are supported.
So I wanted to ask, is there a possibility that some people could create malicious code that judges the environment the template is used in and then carries out destructive behaviors, like deleting a file on my computer?
I have carefully analyzed the fr3 template format, and found it is XML format,
In which there is a key word ScriptLanguage="PascalScript"
Could I detect potential risks by searching for ScriptLanguage= and similar phrases in templates?
I hope to get everyone's reply on this, looking forward to it, thank you.
Comments
Yes, you can create custom function and call format c: from Delphi's code