banned thread made me aware of the potential issues with plugins having access to entire feed data with no sane controls on data processing, tt-rss normally has.
while i value flexibility and a swiss army knife nature of tt-rss i don’t want it to become a really shitty denial of service vector.
therefore, let’s think on what should be done with the following:
const HOOK_FEED_PARSED = 6; -- ?maybe? not sure const HOOK_FEED_FETCHED = 12; const HOOK_FETCH_FEED = 22;
anything else i’ve missed?
bundled plugins would be exempt of any potential limitations because there’s at least some measure of quality control and responsibility involved. for third party plugins, though, i’m simply not sure what to do.
e: i can already see a “place this plugin in a system plugins directory instead of plugins.local because it won’t work otherwise” or “adjust whitelist here source.php:123”
this approach probably won’t work