Discussion on whether there is a possibility of destructiveness in using scripts in the FastReport t

Esteemed Administrators:

I often download fr3 format templates or excellent fr3 templates created by others to incorporate into my projects.

In this, I have some concerns, because I know Pascal script is supported and I have even seen support for js scripts etc. I have also seen in the help documentation that custom functions are supported.

So I wanted to ask, is there a possibility that some people could create malicious code that judges the environment the template is used in and then carries out destructive behaviors, like deleting a file on my computer?

I have carefully analyzed the fr3 template format and found that it is XML, in which there is a keyword ScriptLanguage="PascalScript".

Could I detect potential risks by searching for ScriptLanguage= and similar phrases in templates?

I hope to get everyone's reply on this, looking forward to it, thank you.

Comments

  • Yes, you can create a custom function and call format c: from Delphi's code.
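
As an added illustration of the check the question proposes (not code from either poster or from FastReport), this scanner parses a template as XML and reports whether the script body holds more than an empty `begin ... end.` skeleton and which objects bind event handlers, rather than only matching `ScriptLanguage=`. Both sample templates are constructed, and the `ScriptText.Text` and `On*` attribute names are assumptions about the fr3 format; only `ScriptLanguage=` appears in the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples. Only ScriptLanguage= comes from the post; the
# ScriptText.Text and On* attribute names are assumptions about fr3.
SAMPLE_EMPTY = (
    '<?xml version="1.0" encoding="utf-8"?>'
    '<TfrxReport ScriptLanguage="PascalScript" '
    'ScriptText.Text="begin&#13;&#10;&#13;&#10;end.">'
    '<TfrxReportPage Name="Page1"><TfrxMemoView Name="Memo1" Text="Hi"/>'
    '</TfrxReportPage></TfrxReport>'
)
SAMPLE_SCRIPTED = (
    '<?xml version="1.0" encoding="utf-8"?>'
    '<TfrxReport ScriptLanguage="PascalScript" ScriptText.Text="'
    'procedure Memo1OnBeforePrint(Sender: TfrxComponent);&#13;&#10;'
    'begin&#13;&#10;  Memo1.Text := &apos;x&apos;;&#13;&#10;end;&#13;&#10;'
    'begin&#13;&#10;end.">'
    '<TfrxReportPage Name="Page1">'
    '<TfrxMemoView Name="Memo1" OnBeforePrint="Memo1OnBeforePrint"/>'
    '</TfrxReportPage></TfrxReport>'
)

# A main block with nothing between "begin" and "end." carries no code.
EMPTY_BODY = re.compile(r"^\s*begin\s*end\s*\.\s*$", re.IGNORECASE)

def scan_template(xml_text):
    """Describe the script content of one template without running it."""
    if "<!DOCTYPE" in xml_text.upper():
        # Untrusted XML: refuse DTDs so entity tricks never reach the parser.
        raise ValueError("unexpected DOCTYPE in template")
    root = ET.fromstring(xml_text.encode("utf-8"))
    result = {"language": root.get("ScriptLanguage"), "script": "", "handlers": []}
    for elem in root.iter():
        for name, value in elem.attrib.items():
            if name.startswith("ScriptText"):
                result["script"] = value
            elif name.startswith("On") and value.strip():
                # Non-empty On* attribute: object bound to a script routine.
                result["handlers"].append((elem.get("Name"), name, value))
    script = result["script"]
    result["has_code"] = bool(script) and EMPTY_BODY.match(script) is None
    result["needs_review"] = result["has_code"] or bool(result["handlers"])
    return result

if __name__ == "__main__":
    for label, text in (("empty", SAMPLE_EMPTY), ("scripted", SAMPLE_SCRIPTED)):
        r = scan_template(text)
        print(label, r["language"], "review" if r["needs_review"] else "no script found")
```

A clean result only means no script was found under these assumptions; a flagged template still needs its script read by a person before it goes into a project.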
