Nolan, the security should be fine even if opening the HTML file from the file system (i.e. file://path/to/yourwiki.html) unless you modify the JS in the plugin. If you use a web server, then I save the file handle between page reloads so you don't have to select it from the file picker. This is unsafe using file:// since file:// is one origin and thus any HTML file you open in Chrome from file:// can access that file handle.
I detect when the plugin is being used from file:// and do not attempt to save the file handle in that case to avoid this security issue. It's not really a huge deal, you just have to select your wiki from the file picker each time you reload the wiki (I personally only do this if I'm installing new plugins or if my computer reboots). In terms of practical usage, I would recommend making sure you backup your wiki regularly including multiple previous versions. That isn't really for security, but more to help if you accidentally make a recursive tiddler of doom or something. On Sun, May 16, 2021 at 10:41 AM Nolan Darilek <[email protected]> wrote: > FWIW, I'm not using the separate server here and things work fine on > Chrome. I imagine it helps with security concerns, but I've chosen to not > worry about any as they relate to this plugin for now, particularly since I > only use Chrome for this. > On 5/15/2021 9:49 PM, 'Mark S.' via TiddlyWiki wrote: > > It's pretty straight forward. You just need > > 1. A chromium-based browser > 2. Dyllon's plugin from above > 3. Any way to serve up the file including Tiddlywiki on node (it serves up > things in the /files dir) and python. > > Python comes with a simple server where you can just run > > python3 -m http.server 9000 > > (where 9000 is the port) and everything is the directory will be served up > as static. > > If I understand correctly, the static server is just providing a "safe" > pathway that can be used as an index to save the physical (on-disk) path. > > You put the plugin in your TW file and save it via your conventional way > (perhaps as a download) to it's home. Then serve up the file with your web > server. Then make changes and save. The first time it saves it will ask for > a path. Specify the path to where you want to save. After that all saves > are automatically saved to the same path. > > Remember when you're testing to either turn off Timimi or to use an > account without Timimi installed. > > Alas, it doesn't seem to quite work on Android. It wants to do that file > (1), file (2) .... thing. > > > > > On Saturday, May 15, 2021 at 5:15:03 PM UTC-7 TW Tones wrote: > >> Folks, >> >> Is there a simple set of instructions to make use of this. I cant see >> them and don't have a lot of time available to read through the discussion? >> >> Personally I am interested in a php implementation. >> >> Thanks in advance >> Tones >> >> On Saturday, 15 May 2021 at 00:20:13 UTC+10 PMario wrote: >> >>> On Friday, May 14, 2021 at 3:49:30 PM UTC+2 [email protected] wrote: >>> >>>> Never mind, works perfectly in Chrome. Apparently the filesystem API >>>> was recently disabled in Brave, which is what confused me. Tested it a >>>> couple months ago and it worked fine. >>>> >>> I think it's good to know, where it works and where it doesn't. .. So >>> I'd call it an "experience report"! >>> -m >>> >> -- > You received this message because you are subscribed to the Google Groups > "TiddlyWiki" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tiddlywiki/cdd36141-ced4-4d6d-a8ee-03ec77fdc298n%40googlegroups.com > <https://groups.google.com/d/msgid/tiddlywiki/cdd36141-ced4-4d6d-a8ee-03ec77fdc298n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to a topic in the > Google Groups "TiddlyWiki" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/tiddlywiki/IczqdIdC3lE/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tiddlywiki/b9ff337b-8725-8cd2-92a9-1fae98be92aa%40thewordnerd.info > <https://groups.google.com/d/msgid/tiddlywiki/b9ff337b-8725-8cd2-92a9-1fae98be92aa%40thewordnerd.info?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/CAJsXKEPPExVRhWBw0abG3LpcfDTrHoN4LvNQbyHD7f2LuQJw3w%40mail.gmail.com.
