On Thursday, April 22, 2021 at 1:38:35 PM UTC+2 [email protected] wrote: > Interesting. So what’s stopping a TW owner from injecting a malicious > script into a tiddler? >
IMO "owner" is the key here. ... If you own it, you can do what ever you want. The same is true for "attacker" ;) ... If s/he has access to your PC, nothing can prevent them from adding malicious code to your wiki. But as I wrote, that's not a TW problem. That's a OS level problem. > On a side note, PAT’s May be more safely stored by using the CryptoJS > library (AES) which requires a password to decode the PAT. > That's what the guthub issue is about. > I did something similar in my repo at GitHub.com/flancast90/lockifyJS, > which could be simply adapted. > Will have a look. -mario -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/4a7d49a6-00de-48af-ac01-76f5832adf14n%40googlegroups.com.
