GithubHelp home page GithubHelp logo

Comments (3)

joe27g avatar joe27g commented on July 21, 2024 28

This may all be true, but what other choice do we have? If Discord cared to make an easy way for client mods to inject, or just plugin/theme support in general, this wouldn't be a problem. But by fighting client mods, they give users the choice to allow the Discord app to have a fraction of its usefulness or have reduced security. Not to mention client mods have to use the same injection methods as malware, which hurts our reputation and blurs the line between good and bad Discord modifications. I can't tell y'all what to do, but if you really care about client mod users' security, you could just add official support for some of the things we've had to awkwardly patch in for years.

from enhanceddiscord.

joe27g avatar joe27g commented on July 21, 2024 13

Note: I don't mean to be hostile to you (night) or any other Discord employees, I was just trying to point out that it's a bit ironic to give suggestions to projects that you generally don't support/advocate against using. I just assumed that the reason for creating this issue was to call out client mods as being insecure, but I understand now you were just trying to help. No hard feelings.

Anyway, as for the issues themselves, I'm not interested in fixing them for a few reasons:

  • These are mostly carried over from BD, so I don't remember why exactly each of these options were changed.
  • The CSP is probably the most likely to be abused, so I'd love to just re-enable it and prevent any non-Discord remote scripts from loading, but that would break themes and many BD plugins.
  • Reverting these changes or implementing alternative solutions would require testing with many different plugins, including BD plugins. I don't have time to figure out what the alternatives are or do said testing, hence the "help wanted" label.

For reference, powercord-org/powercord#386 has more info and discussion about these issues.

from enhanceddiscord.

MasicoreLord avatar MasicoreLord commented on July 21, 2024

Accounted for and partially fixed by last update, EnhancedDiscord has cut off updates, and all remaining official support will terminate April 12th.

from enhanceddiscord.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.