PyScript Vulnerabilities/Expected Behavior

Update (12/May/2022): I reported the observations below to the PyScript team, and they have confirmed that these are expected behavior. Since the Emscripten filesystem is in the user’s browser memory itself, there is no harm in being able to list files, access files or write to arbitrary locations. Refer to this issue.

Introduction

Vulnerabilities I found in PyScript.

Vulnerability 1: File System Browsing

Using the glob module, which is part of the Python Standard Library, the Emscripten filesystem can be browsed....

May 11, 2022 · 3 min · Rizal