Jeremy, you said;
There are security risks around this plugin, in particular it makes it > possible to construct certain phishing attacks: I can make a URL which > accesses Perhaps you were going to say more? On Thursday, February 6, 2020 at 9:39:56 AM UTC+11, Jeremy Ruston wrote: > As is typical when we try to bend the edges of what browsers are supposed > to do, it seems that links of this size won’t work correctly everywhere > under all circumstances, and so we probably need to be systematic in > finding the places where we can safely use them. > I had assumed the only installable component was for the creation of loaded URL's not the receipt of them. Not withstanding the important security considerations if the ability to receive loaded urls were possible in all wikis, but perhaps with an on off toggle it would be an advantage. Perhaps when such an event occurs a wiki is loaded and a payload dropped a notification appears that will not go away until deleted eg: "Warning, payload tiddlers installed as a result of a 'loaded URL' . Keeping in mind a standard link to a current tiddlywiki could be a phishing attempt, as is any link to any website. Regards tony Regards Tony -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/cb14a7e0-ab1e-472f-8249-077f20936937%40googlegroups.com.
