Script Access from YUI files should require whitelisting the available functions
shdwcat opened this issue · comments
Quetzy commented
Right now, YUI can execute any script, or any method on an object in the data context. In a released game this is obviously a huge security problem, so script access should require whitelisting, such that only the scripts allowed by the developer can be run.
Quetzy commented
This might be better solved by planned 'embedding' feature, though might still need to be solved to support UI modding (but that's way in the future)