On Tue, Jan 11, 2011 at 9:36 PM, Joshua Tacoma <joshua.tac...@gmail.com> wrote: > Hey all, I'm interested in writing a formatter that would produce a > javascript file or module, executable in the browser, based on snippets and > tables in the source. It could turn a wiki into a literate javascript > development environment. So I've got some questions: > - Has this already been done? > - Are the security issues so obviously and deeply hairy that no one in their > right mind would do such a thing? Yes, there are security issues. Basically, the javascript on the page has access to the cookie (and thus the session) of the user who is browsing the page, and can act in that user's name on the wiki, doing anything the user can do.
[...] -- Radomir Dopieralski, http://sheep.art.pl ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Moin-user mailing list Moin-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/moin-user
