Hello All,

On Wed, Jun 02, 2021 at 01:00:08PM -0700, Dave Fisher wrote:

> > On Jun 2, 2021, at 11:58 AM, Marcus <marcus.m...@wtnet.de> wrote:
> > 
> > Am 02.06.21 um 00:07 schrieb Peter Kovacs:
> >> On 01.06.21 21:57, Arrigo Marchiori wrote:
> >>>>> I would not go for file://. Can we go for a pattern derivated from 
> >>>>> file://path/document.ods#anchor ?
> >>> I am not sure I understand your question, Peter.
> >>> 
> >> I am suggesting not to trust file:// in general, but the anchored URL, 
> > 
> > yes, the securty report is talking about nin-http(s) links, And "ile" is 
> > not http. There we have to treat this as insecure.
> > 
> >> maybe file://*#anchor if you like.
> >> But maybe I got this URL wrong.
> > 
> > Hm, I don't see how an anchor makes the document more secure. ;-)
> We need to know if the file:// is already open.

We might be able to know whether the file is already open, if it is an
AOO document.

But what if the file is a JPG image? Or a MP3 audio? Should it not be
considered safe as well? And for what I know, AOO cannot open images
or MP3's as documents.

Judging on the file extension seems to me the best way to follow, at
least for the file:/// protocol and any other protocols that rely on

I hope this makes sense.

To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org

Reply via email to