Add hook for adding local extensions #7
Conversation
|
This PR got rotten a bit, and it seems to me that the easiest way how to help is to attach this rebased patch. |
|
Actually, looking into it, it is a bit unfortunate, this patch still uses |
|
Sorry for the long silence – for some reason I wasn't watching this. I've updated the patch, which should now apply to current master (sorry for force-pushing). As to using imp -- well, the trouble with python2 importlib is that it's really not expressive enough for what we want to do here: Pull a module from a well-defined place. python2 is deprecated as a whole, so I'd not worry about another use of imp. If you do, I could add an implementation based on python3 importlib in a comment – but then again, once rst2epub is ported to python3, I'll be happy to update the code. |
This patch lets rst2epub execute a local_extensions.py module that is in the current directory.
The idea is that people can add RST extension through that mechanism. The downside is that if someone gets a victim to check out a repo (or untar a zip) and tells them to run rst2epub on it, the victims might not be aware that they've given the attackers the right to execute arbitrary code on their machine. I consider this a bit far-fetched, but perhaps we should still add a flag ("--execute-localext") and only read local_extensions.py if that flag is given?