nesdev.com
http://forums.nesdev.com/

Please add .UNF extension to the list of allowed files
http://forums.nesdev.com/viewtopic.php?f=13&t=10818
Page 3 of 4

Author:  rainwarrior [ Mon Jan 08, 2018 3:53 pm ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

Request: Processing .pde files

They're a text format, basically just a java source code. Useful for writing visual examples, especially interactive ones.

Author:  Memblers [ Tue Jan 09, 2018 9:50 pm ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

.pde extension was added

Author:  krzysiobal [ Sat Jan 13, 2018 3:51 pm ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

Really, why annoying users and making them need of additioanl effort for double uploading some files (if first time it fails, then he needs to pack it as .zip/.rar)

AVI also is not alowed.

Author:  tepples [ Sat Jan 13, 2018 7:43 pm ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

A nontrivial AVI is probably too big in MB to attach anyway.

Author:  qalle [ Wed May 02, 2018 8:12 am ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

Requests:

Author:  Memblers [ Thu May 03, 2018 12:15 am ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

.xz seems good, .bat and .java though both make me a little paranoid. If it's not a filetype I would feel safe opening myself from a random unknown source, I wouldn't want the forum to allow someone else to, also. Of course I'm not worried about stuff actual forum users would post, but anybody can easily make an account. Unfortunately, we don't have an easy way of stopping someone from posting attachments and spam URLs as soon as they sneak through the registration process, wouldn't be a concern otherwise.

Author:  koitsu [ Thu May 03, 2018 12:31 am ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

People should be compressing stuff like that using .zip or some other format if possible.

Author:  tepples [ Thu May 03, 2018 6:08 am ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

I'm getting the point: source code should be in a zipfile or something so that the user has to take a deliberate action to execute it even on an exploited browser, especially if it's in a scripting language like .bat. I may have made a mistake in the past by adding scripting language source code; that mistake may need to be reversed sometime.

I've added .xz.

Author:  thefox [ Thu May 03, 2018 8:30 am ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

Memblers wrote:
.xz seems good, .bat and .java though both make me a little paranoid.

I agree about .bat, but .java is just Java source code. It won't run by default on any operating system (.js is a different deal).

Author:  tepples [ Thu May 03, 2018 10:10 am ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

My proposal: Remove .lua, .php, .py, .js, and .swf; add .java. Anyone second or object?

Author:  lidnariq [ Thu May 03, 2018 10:32 am ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

Could we change the "you can't upload that" message to instead say "put it in an archive and then upload that" ?

Author:  Memblers [ Thu May 03, 2018 10:36 am ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

tepples wrote:
My proposal: Remove .lua, .php, .py, .js, and .swf; add .java. Anyone second or object?


I think .py and .lua are probably OK along the lines of .java, AFAIK they're not something one could just mindlessly click on and launch, right? I'm not a big user of any of those languages so it's a real question. At least not without purposefully installing some kind of support for those in your OS. We see those used enough around here that's it's probably not worth trading the convenience for the safety. Removing php, js and swf sounds reasonable to me, though.

Author:  tepples [ Thu May 03, 2018 12:53 pm ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

Memblers wrote:
tepples wrote:
My proposal: Remove .lua, .php, .py, .js, and .swf; add .java. Anyone second or object?

I think .py and .lua are probably OK along the lines of .java, AFAIK they're not something one could just mindlessly click on and launch, right?

The installer of Python for Windows associates the .py extension with itself.

Memblers wrote:
At least not without purposefully installing some kind of support for those in your OS.

PHP and Python are roughly in the same boat here: the interpreter isn't installed by default on Windows. Python is more likely to be installed on FreeBSD and GNU/Linux, but those systems use the execute bit to decide when to treat something as a program. And anyone who has started with my NES and Super NES project templates has Python and Pillow installed alongside cc65.

Author:  rainwarrior [ Thu May 03, 2018 2:25 pm ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

I like both .py and .lua here very much, and would not want to see them removed. I also previously requested .pde which is tantamount to .java already.

I can understand trepidation about .bat, though I'd also say that they're not a particularly versatile script format, and rarely useful without accompanying files (thus already covered by zip/etc), so having loose .bat prevented doesn't seem like a big deal to me.

I don't really think .js or .php is a problem. I've definitely seen .bat as a vector for malware installation, because any Windows user can run it. The others require separate installs. I don't think there's any value in trying to prevent all executable code from being attached (quite the opposite), I thought the goal was just to stop up typical malware/spam points?

Same deal with .swf... but has someone actually wanted to attach an .swf here?

Author:  qalle [ Thu May 03, 2018 4:02 pm ]
Post subject:  Re: Please add .UNF extension to the list of allowed files

I agree; .bat would be dangerous and quite useless. .swf seems unnecessary, too.

However, I think most source files (.py etc.) should be accepted. After all, they're not more dangerous than an .exe inside a .zip, which can be executed even on an out-of-the-box Windows.

More suggestions:
  • .bas (BASIC source; there might be some old utilities written in it, although I don't remember seeing any)
  • .svg (Scalable Vector Graphics; for posting e.g. sketches of game graphics/website logos)
  • .xhtml (some documents might be in that format, although again I don't remember seeing any)

Page 3 of 4 All times are UTC - 7 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/