Skip to content

External tileset concerns

https://gitlab.com/ljcode/tiled-json-rs/blob/c8722c508481bd3d5c682af2abb797fe5565f25c/src/tile_set.rs#L121

                Helper::External(v) => {
                    let path = PathBuf::from(v.source);
                    let file = File::open(path)
                        .map_err(|e| Error::custom(format!("{:?}", e)))?;

Couple of concerns I have here:

  • When dealing with User Generated Content, this could read any file on disk via relative paths. While there's a limit to how much damage can be done - since most files won't also parse as valid JSON tilesets - that still makes me all kinds of nervous.
  • This just plain straight up won't work in a wasm32-unknown-unknown browser context / using quicksilver or any other custom resource system.