Re: Formats::viewURL()

2010-12-09 Thread Richard Heck

On 11/01/2010 11:35 AM, Pavel Sanda wrote:
> Richard Heck wrote:
>>> yes, i'm aware of it. do you propose some alternative?
>>
>> I had the idea to look for a browser and record that separately. But it
>> wouldn't fit into the normal "viewer" stuff.
>
> i see. you have my ok for both alternatives - disabling it or rework
> the stuff. the security alert is justified, iirc startscript would allow
> things like "www.google.com; rm *" at least on some archs iirc.

I decided to disable this, at least for now. I don't see a safe, 
reliable way to do it.


Richard



Re: Formats::viewURL()

2010-11-01 Thread Pavel Sanda
Richard Heck wrote:
> Pavel, I think you introduced this in connection with 
> InsetHyperlink::viewTarget(). But it seems wrong to me. There's no 
> particular reason to think that the URL in that case will actually be of 
> type HTML, or that the viewer defined for HTML will be able to handle it. I 
> mean, it might be that the viewer is firefox and the url is 
> http://whatever.com/file.pdf, in which case you'll ultimately get the right 
> result. But the viewer might be something else and the url might be 
> anything. Right?

yes, i'm aware of it. do you propose some alternative?

secondly for the security pov i see the only two alternatives - either to remove
it completely or to ask for the whole command before proceeding (with never ask
me again or so...). don't have any hard opinion about it and see your concerns
- if we remove it it's just one more patch in my local patch set ;)

pavel


Re: Formats::viewURL()

2010-11-01 Thread Richard Heck

On 11/01/2010 10:21 AM, Pavel Sanda wrote:
> Richard Heck wrote:
>> Pavel, I think you introduced this in connection with
>> InsetHyperlink::viewTarget(). But it seems wrong to me. There's no
>> particular reason to think that the URL in that case will actually be of
>> type HTML, or that the viewer defined for HTML will be able to handle it. I
>> mean, it might be that the viewer is firefox and the url is
>> http://whatever.com/file.pdf, in which case you'll ultimately get the right
>> result. But the viewer might be something else and the url might be
>> anything. Right?
>
> yes, i'm aware of it. do you propose some alternative?

I had the idea to look for a browser and record that separately. But it
wouldn't fit into the normal "viewer" stuff.


rh



Re: Formats::viewURL()

2010-11-01 Thread Pavel Sanda
Richard Heck wrote:
>> yes, i'm aware of it. do you propose some alternative?
>>
>>
> I had the idea to look for a browser and record that separately. But it 
> wouldn't fit into the normal "viewer" stuff.

i see. you have my ok for both alternatives - disabling it or rework
the stuff. the security alert is justified, iirc startscript would allow
things like "www.google.com; rm *" at least on some archs iirc.

pavel
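
Added example, not part of the thread and not LyX code: the concern raised above, shown as a command string that a shell would parse next to a launcher that hands the URL to a separately recorded browser as a single argv entry with no shell involved. All function names and the http/https allow-list are assumptions made for illustration.

```cpp
#include <cctype>
#include <string>
#include <vector>
#include <spawn.h>
#include <sys/types.h>

extern char** environ;

// Pattern the thread warns about: the URL is pasted into a command line that
// a shell later parses, so a ';' inside the URL starts a second command.
std::string shellCommandLine(const std::string& viewer, const std::string& url) {
    return viewer + " " + url;
}

// Assumed policy: only http(s) URLs made of printable, non-space ASCII.
// The scheme check also guarantees the URL cannot start with '-' and be read
// as a browser option. Non-ASCII bytes must arrive percent-encoded.
bool isAcceptableUrl(const std::string& url) {
    if (url.rfind("http://", 0) != 0 && url.rfind("https://", 0) != 0)
        return false;
    for (unsigned char c : url)
        if (!std::isgraph(c)) return false;
    return true;
}

// Build an argument vector instead of a command string. Characters such as
// ';' or '&' stay inside the one URL argument because nothing re-parses it.
// Returns an empty vector when the browser is unset or the URL is rejected.
std::vector<std::string> viewerArgv(const std::string& browser,
                                    const std::string& url) {
    if (browser.empty() || !isAcceptableUrl(url)) return {};
    return {browser, url};
}

// Start the browser directly with posix_spawnp(); no shell is involved.
// Returns false if the URL was rejected or posix_spawnp reported an error.
bool launchViewer(const std::string& browser, const std::string& url) {
    std::vector<std::string> args = viewerArgv(browser, url);
    if (args.empty()) return false;
    std::vector<char*> argv;
    for (std::string& a : args) argv.push_back(&a[0]);
    argv.push_back(nullptr);
    pid_t pid;
    return posix_spawnp(&pid, argv[0], nullptr, nullptr, argv.data(), environ) == 0;
}
```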