As has being said; *file:// is one origin*
This seems like a gap to me on *browsers in general*. Perhaps a side effect of recent years security changes. If we could add into the security permissions to allow write to file://C:/scratch file://C:/data/tiddlywiki etc... to a particular site or address, and perhaps local host etc... a lot of our savings issues could be eliminated. Of course an interactive dialogue requesting such permissions ONCE would be fine. With a reminder when relying on it. Regards Tones On Wednesday, 19 May 2021 at 02:12:17 UTC+10 [email protected] wrote: > Nolan, the security should be fine even if opening the HTML file from the > file system (i.e. file://path/to/yourwiki.html) unless you modify the JS in > the plugin. If you use a web server, then I save the file handle between > page reloads so you don't have to select it from the file picker. This is > unsafe using file:// since file:// is one origin and thus any HTML file you > open in Chrome from file:// can access that file handle. > > I detect when the plugin is being used from file:// and do not attempt to > save the file handle in that case to avoid this security issue. It's not > really a huge deal, you just have to select your wiki from the file picker > each time you reload the wiki (I personally only do this if I'm installing > new plugins or if my computer reboots). > > In terms of practical usage, I would recommend making sure you backup your > wiki regularly including multiple previous versions. That isn't really for > security, but more to help if you accidentally make a recursive tiddler of > doom or something. > > On Sun, May 16, 2021 at 10:41 AM Nolan Darilek <[email protected]> > wrote: > >> FWIW, I'm not using the separate server here and things work fine on >> Chrome. I imagine it helps with security concerns, but I've chosen to not >> worry about any as they relate to this plugin for now, particularly since I >> only use Chrome for this. >> On 5/15/2021 9:49 PM, 'Mark S.' via TiddlyWiki wrote: >> >> It's pretty straight forward. You just need >> >> 1. A chromium-based browser >> 2. Dyllon's plugin from above >> 3. Any way to serve up the file including Tiddlywiki on node (it serves >> up things in the /files dir) and python. >> >> Python comes with a simple server where you can just run >> >> python3 -m http.server 9000 >> >> (where 9000 is the port) and everything is the directory will be served >> up as static. >> >> If I understand correctly, the static server is just providing a "safe" >> pathway that can be used as an index to save the physical (on-disk) path. >> >> You put the plugin in your TW file and save it via your conventional way >> (perhaps as a download) to it's home. Then serve up the file with your web >> server. Then make changes and save. The first time it saves it will ask for >> a path. Specify the path to where you want to save. After that all saves >> are automatically saved to the same path. >> >> Remember when you're testing to either turn off Timimi or to use an >> account without Timimi installed. >> >> Alas, it doesn't seem to quite work on Android. It wants to do that file >> (1), file (2) .... thing. >> >> >> >> >> On Saturday, May 15, 2021 at 5:15:03 PM UTC-7 TW Tones wrote: >> >>> Folks, >>> >>> Is there a simple set of instructions to make use of this. I cant see >>> them and don't have a lot of time available to read through the discussion? >>> >>> Personally I am interested in a php implementation. >>> >>> Thanks in advance >>> Tones >>> >>> On Saturday, 15 May 2021 at 00:20:13 UTC+10 PMario wrote: >>> >>>> On Friday, May 14, 2021 at 3:49:30 PM UTC+2 [email protected] wrote: >>>> >>>>> Never mind, works perfectly in Chrome. Apparently the filesystem API >>>>> was recently disabled in Brave, which is what confused me. Tested it a >>>>> couple months ago and it worked fine. >>>>> >>>> I think it's good to know, where it works and where it doesn't. .. So >>>> I'd call it an "experience report"! >>>> -m >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "TiddlyWiki" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/tiddlywiki/cdd36141-ced4-4d6d-a8ee-03ec77fdc298n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/tiddlywiki/cdd36141-ced4-4d6d-a8ee-03ec77fdc298n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> -- >> > You received this message because you are subscribed to a topic in the >> Google Groups "TiddlyWiki" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/tiddlywiki/IczqdIdC3lE/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/tiddlywiki/b9ff337b-8725-8cd2-92a9-1fae98be92aa%40thewordnerd.info >> >> <https://groups.google.com/d/msgid/tiddlywiki/b9ff337b-8725-8cd2-92a9-1fae98be92aa%40thewordnerd.info?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/09fd1dd0-0f49-4b41-8485-91976275ba9en%40googlegroups.com.
