Don't require automatic image embeds to see bot comments
I need to enable image embeds (and expose myself to remote code execution if the image libraries have RCE bugs) to see bot statements on Discord. This is a conflation of the preference that is counterintuitive and contradicts what the preference says. I would like to see what bots have to say--which are all text and thus not exploitable--without exposing myself to potential remote code execution bugs.
I have image embeds and all of those features turned off because it is possible--however improbable--for a remote attacker to specially craft an image that exploits a vulnerability in the image libraries my client is using. Disabling image embeds means I need to click the image link to open the image, thereby reducing my attack surface to only images from people I trust rather than anyone coming onto the server hoping to zero-day root anyone on the server they've just joined.
-
If I understand what you're asking for, you can do role-based permissions on autoembeds and just give a "bot" role to the bots so that only people with the "bot" role have embed link permissions.
Edit: same with embedding images
0 -
This is the other way round. Specifically, I'm talking about *viewing* bot messages. I don't want to enable any kind of embeds or smart handling of links etc. for bots. Right now these settings are conflated.
0