First to actually answer your question, not really, but it probably isn't as bad as you think. From importing there is almost nothing that a tiddler can do other than change the display properties of your wiki by adding css and view templates. There is plenty you can do with those two things but it isn't the end of the world. And the Bob command line scripts need to be listed explicitly in the settings before they can be used to protect against exactly what you are describing. It isn't perfect but it is in almost all situations good enough.
And now a long winded reply that has a bit more explanation, if you want it. This came up when I was doing work with twederation. The safest way came from Jeremy when he said that we just import tiddlers as rendered html. If you want to allow more than links than there are some things you can do. In the core there isn't anything that can affect the wiki permanently without direct interaction of some sort. Tiddlers can have tags like $:/tags/RawMarkup, but that requires the wiki to be restarted and there is a small set of known tags that can add javascript. Plugins are marked as plugins and don't take effect until the wiki is restarted. Another concern is startup actions, but once again the tags that are needed for that are known and the wiki has to be restarted. This doesn't cover things like the TriggerActions plugin I made, which can change the wiki in response to many different changes to the state after it is installed, but that uses a known tag. We could create a safer import option that detects these tags and changes them, probably by adding a prefix like QUARANTINE- to the start of the tag, which would cover almost all times when an imported tiddler could break the wiki. We probably want to include css into that because you can do some sneaky things with css. In terms of Bob specifically you bring up a good point. For the secure server version I have online you have to explicitly give access to a logged in person to run scripts and I have it disabled for everyone, but it also needs to have per-wiki controls for the same logged in person so that we can make sandboxed wikis that are at least somewhat protected against malicious code. I am currently working on adding the same sort of access controls to the normal Bob versions so one solution to what you are describing would be to create a new wiki using the imported tiddlers and not giving that wiki any permissions to access the outside world. It would take a bit of work to do it well but I think that it may be worth while task. The server images plugin I made already intercepts imported tiddlers and changes them so it wouldn't be a terribly large task to have it check the tags on the imported tiddlers against a list of potential problems and then modify them to be inert, but we would have to be careful to catch all of the tags and there may be other ways to cause trouble. -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/8c91da64-f2c7-42f4-8826-7a5e77d8d407%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
