Sandboxing

indolering

I read the security page in the docs as well as the security nutrition labels in Bazaar/Flatpak and I'm a bit confused about this line:

Zettlr's ability to execute arbitrary code while importing, viewing, and exporting Markdown documents is not a security flaw but a conscious design decision.

I find it odd to make such a design choice given the availability of capability based interfaces/portals, sandboxing, and other security measures. Why does Zettlr need access to the entire file system instead of negotiating that access through xdg-portal and other platform equivalents (which Electron supports AFAICT)?

hendrik

Easy: 1) because sandboxes are implemented by the OS but users can disarm them (by just granting Zettlr access everywhere which many will do), and 2) because actually, really tightly sandboxing Zettlr would disable a lot of functionality. Also, the aim of that section is to tell people that they need to be cautious in every instance, so I didn’t bother going into too much detail.