Am Mittwoch, dem 16.08.2023 um 14:33 -0400 schrieb Scott Kostyshak: > I think Daniel is talking about: > > Document > Settings > Format > Output > "Allow running external > programs"
Or, for that matter, Tools > Preferences > File Handling > Converters > Use needauth option > > Whether 5 or 6, I wonder if it would be helpful to combine the > preferences. i.e., have a preference "Trust document content", and > then > allow the user finer control if they prefer? I also think it should be something along the line of shell escape, i.e., people can chose to trust open link or abort, and they can decide to trust the document. An important issue is that, if people chose to trust the document, the trust should only hold on the current computer (as with shell escape). Otherwise evil persons could set the trust before sending. So a dialog that says: ---- LyX wants to open the following link in an external application: <url> Be aware that this might entail security infringements. Only do this if you trust the target! How do you want to proceed? [Open link] [Abort (=default)] [ ] Trust this document and do not ask me again! --- I am not sure we really need a pref to bypass this measure, or disable the feature completely (as in needauth). This strikes me overregulation. BTW are we talking URLs only or also links to local files? If the latter is also considered to be harmful, things will get significantly more complicated if lyxpaperview.py is involved. The dialog above can be implemented easily (for web links). -- Jürgen
signature.asc
Description: This is a digitally signed message part
-- lyx-devel mailing list lyx-devel@lists.lyx.org http://lists.lyx.org/mailman/listinfo/lyx-devel
