Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The button on the browser just navigates to the URL `git-peek://https://github.com/name/repo`. How your system handles this git-peek protocol is completely up to you. While the git-peek package does offer to setup a handler for this custom git-peek protocol, I went ahead and set it up manually. Now, my system calls this bash script whenever it encounters the git-peek protocol:

  #!/usr/bin/env bash
  # Expects a single argument: git-peek://<path>
  # Example: git-peek://https://github.com/Jarred-Sumner/peek
  kitty --single-instance --detach -e zsh -c "source ~/.zshrc; git peek $1"
You can set it up to do anything you like.


What happens if you click a link to git-peek://$(cat</etc/passwd) ?


I'm not sure. What?

Is there a reasonably legitimate reason to stop using this?


That's the issue here. You need to be 100% sure handler is entirely bug free or any site can redirect to that url and exploit any bug in it




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: