Hi Tony

>> There are security risks around this plugin, in particular it makes it
>> possible to construct certain phishing attacks: I can make a URL which
>> accesses
>
> Perhaps you were going to say more?

Indeed, apologies, see my answer below.

>> On Thursday, February 6, 2020 at 9:39:56 AM UTC+11, Jeremy Ruston wrote:
>> As is typical when we try to bend the edges of what browsers are supposed to
>> do, it seems that links of this size won’t work correctly everywhere under
>> all circumstances, and so we probably need to be systematic in finding the
>> places where we can safely use them.
>
> I had assumed the only installable component was for the creation of loaded
> URLs, not the receipt of them.
>
> Notwithstanding the important security considerations if the ability to
> receive loaded URLs were possible in all wikis, but perhaps with an on/off
> toggle it would be an advantage. Perhaps when such an event occurs a wiki is
> loaded and a payload dropped a notification appears that will not go away
> until deleted, e.g.: "Warning, payload tiddlers installed as a result of a
> 'loaded URL'".
>
> Keeping in mind a standard link to a current tiddlywiki could be a phishing
> attempt, as is any link to any website.

I can make a URL which points to tiddlywiki.com and yet contains my own content. The ability to remotely change the content of a website in the same action as sharing it is pretty dangerous. For example, I could craft a link to tiddlywiki.com that changes the wiki so that the download button downloads malware. It's actually a 'cross site scripting' attack.

Best wishes

Jeremy

> Regards
> Tony

