In the middle of the desert you can say anything you want

24 May 2022

python sanitizing filenames with external library

sanitize-filename · PyPI does what it says on the box.

It’s more complex than the replace--/ that I had in mind: sanitize_filename/ · master · jplusplus / sanitize-filename · GitLab

And intution tells me using external semi-unknown libraries like this might be a security risk.

TODO - what is the best practice for user-provided values that might become filenames?.. Something not smelling of either injection vulns or dependency vulns?

Nel mezzo del deserto posso dire tutto quello che voglio.