Hi, As far as I know, building sphinx-doc is basically safety operation. But conf.py is recognized python script, so it is danger if conf.py is placed under untrusted directory.
BTW, I've never use tikz extension. so I don't know about it. Thanks, Takeshi KOMIYA 2016年9月10日土曜日 7時31分24秒 UTC+9 Augusto Teixeira: > > We would like to build a kind of wiki engine and Sphinx seems like the > perfect tool for our project, given a complicated list of requirements we > have. > > > So the question is how safe it would be to run sphinx-build then make > (both for LaTeX and html outputs) on an untrusted directory provided by > an unknown user. > > Note that this will not be Phython documentation project, so there will be > no need to run python scripts or activate features such as doctest or > autodoc. However, support for math is vital. > > > We would specially like to know: > > > 1. In case it is not safe, what are the threats and is there a simple > way to mitigate the risks? > 2. In case it is safe, what about including extensions? We are > specially interested in the tikz extension (in the tikz's extenstion > documentation, they claim that tikz is supported in readthedocs). > > -- You received this message because you are subscribed to the Google Groups "sphinx-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/sphinx-users. For more options, visit https://groups.google.com/d/optout.
