On Saturday, September 6, 2025 at 7:14:35 AM UTC-4 Edward K. Ream wrote: ...
But Leo can do nothing to prevent the unwary from foolishly clicking a button in an outline from an unknown source. In this sense, passing .leo files around should be a real security concern. - it could modify a standard Leo command to do something nefarious. For myself, I use a javascript blocker in my browser. It would be best if the read-only representation of a Leo outline wouldn't need to import any script packages, for then a script blocker won't need to be told to make an exception, which once again could become a security matter. I don't believe BitDefender would likely detect malicious .leo file. They would likely constitute a Day zero exploit <https://en.wikipedia.org/wiki/Zero-day_vulnerability>. I agree; I was only referring to read-only representations that don't include executable scripts. Exploiting them would require smuggling new code in using imports of external libraries. That's what a javascript blocker could prevent. As could a simple representation that doesn't need to use imported libraries. -- You received this message because you are subscribed to the Google Groups "leo-editor" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/leo-editor/daa42184-9b07-4a94-b65d-39d820ab77een%40googlegroups.com.
