https://bugs.documentfoundation.org/show_bug.cgi?id=135508
Mike Kaganski <[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |[email protected],
| |[email protected]
--- Comment #8 from Mike Kaganski <[email protected]> ---
(In reply to S.Zosgornik from comment #7)
> Again, you speak about documents with links to external SITES while I speak
> about locale files.
I speak about local files, too. If you automatically open a local file linked
to currently opened local file, you are at risk.
> LibreOffice isn't a web-browser nor an email-client. It
> can't open web-sites other than in plain-text and the only concern would be
> about external images that could track the users.
Wrong. You perfectly can reference other ODFs or OOXMLs from e.g. WebDAV (i.e.,
"http:/...")
> So I can totally agree to a secure setting to prevent LibO to open remote
> files. Similar to the security setting of disable macros by default.
>
> But the dialog says: "The document contains one or more links to external
> data. Would you like to change the document, and update all links to get the
> most recent data?" And even if you chose "No" will LibO include the data of
> the linked document, just not updated to the current version.
The data is cached in the opened document, so LO does not need to fetch
anything from other files.
> Sure. buffer-overrun attempts can happen, even on local files downloaded
> from the wrong source. But the right solution should be to ask the user to
> execute macro data and open remote files rather than urge him to confirm his
> own documents on every opening.
LibreOffice has no way to know if that's your documents or not.
Maybe Caolan and Stephan have their opinion on this?
--
You are receiving this mail because:
You are the assignee for the bug._______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
