On Mon, 2010-05-10 at 10:43 +0200, Tollef Fog Heen wrote:
> ]] Frank Lin PIAT
>
> | I am not sure to understand what you want.
> | It is certainly possible to change the behavior, if it is safe.
> |
> | If I were you, I would use curly brackets, like for all code samples:
>
> I want it to be a URL in the generated text. AFAIK code samples are not
> clickable URLs.
> | Adding a protocol has important security implication:
> | - disclosing credential
> | - DoS attacks (locking accounts...)
> | - cross site scripting attacks
> | etc.
> | The main problem is that wikis are usually public, so anyone can add
> | arbitrary link.
>
> Given you can't accidentially disclose credentials any more by having
> something be a link than you can do so by putting it inline in a text on
> a page, I don't really see that as a valid reason.
I mean the visitor's credentials. for instance, there used to be a known
vulnerability in SMB/CIFS file sharing: if you put a link/image on a
file://\\myhostname\share\foo.jpg, web browsers used to connect
*automatically* to that share to retrieve the jpg file... the password
was send as clear text to "myhostname".
I expect similar problem with imap:// and webdav:// urls.
> | > I believe this is a release critical bug, but I'd
> | > appreciate your input on it before filing it.
> |
> | MoinMoin/config/__init__.py is not a configuration file, but the
> | "source" code, that needs to be modified before compilation.
> | (I understand that you are reluctant to do so, for security reason).
>
> | So what is/are the protocol(s) that you want/need? then we'll have to
> | figure out (your help is welcome):
>
> In my specific case, git.
>
> | - Does Debian or Windows or MacOS handle it? (with a popular tool)
>
> Yes, using git.
I guess you mean "git gui".
This doesn't looks like the standard behavior. It seems that you have
manually configured your web browser to open git:// URLs using "git
gui".
Until Debian (or Windows or MacOS) web browser can handle git://foo by
default, there is no point supporting it in MoinMoin, IMHO.
Franklin
P.S. using pipe (|) to quote text in your MUA is a annoying,
because it breaks existing convention.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
