andai 4 hours ago

>I think the best (only?) way to solve the plugin security problem would be to properly sandbox them with an explicit API and permission system.

I want to say "and especially prevent them from touching my private data (i.e. the whole point of Obsidian plugins being to read/write the documents)".

But if it can't talk to the internet, I kind of don't see the issue.

EDIT: Apparently due to how JS and Electron work, Obsidian plugins are just JS blobs that run in the global scope, and can read/write the whole filesystem (limited by user permissions) and make HTTP requests? Can someone confirm/deny this pls?

tomjakubowski 3 hours ago

Theoretically in an Electron app, you could run plugins in a separate v8 context without the node native FS libraries available. Short of OS-level sandboxing that's probably the best they could do.

Groxx 3 hours ago

Confirmed: https://obsidian.md/help/plugin-security#Plugin+capabilities

There is no sandboxing at all. Every plugin has full access to your computer.

thinkling an hour ago

Is there auto-updating of plug-ins?

Installing a plug-in and reviewing its code at that point is one thing. But if the plug-in can be updated without you knowing, then there’s little guarantee of security.

kepano 41 minutes ago

You can automatically check for updates but it's off by default, and still requires a manual click. Also the new plugin review system automatically scans every release.