On Thursday, May 16, 2019 at 2:41:18 AM UTC+2, TonyM wrote:
...
>
> On the security issue, I am aware that people can harvest info from a
> visible URI and I will take this into account, however the power of passing
> info to a TiddlyWiki is very useful.
>
Info yes. ... content: _no_

My concerns are not about privacy. ... It's about security. If we can inject content with the address bar into a TW, we could inject evil code using a URL shortener.

- So I could create a shortURL that points to a TW, that you host and inject some "trojan" code.
- Users may download this wiki from your page and save it to their HD.
- Since a file based TW can be split into tiddlers in a directory.
- This TW can be hosted using node.js or maybe BOB
- The sleeping code could be activated, if executed on the server

I think that's a security problem, since the injected code can run with "server access" now.

have fun!
mario
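
The "info yes, content no" distinction from the message above, sketched as an added example that is not part of the original thread and is not TiddlyWiki code. It assumes a hypothetical scheme in which a wiki reads key=value pairs from the URL fragment; ALLOWED_KEYS, MAX_LEN, SAFE_VALUE, SAMPLE_URL and readUrlInfo are illustrative names, not TiddlyWiki APIs.

```javascript
// Added example: accept URL-supplied *info*, refuse URL-supplied *content*.
// Assumption: parameters arrive as key=value pairs in the URL fragment.
// All names here are hypothetical and not part of TiddlyWiki.

// Only these keys may be set from the address bar. Anything that would
// define a tiddler (text, type, module-type, tags, ...) is absent on purpose.
const ALLOWED_KEYS = new Set(["user", "view", "lang"]);
const MAX_LEN = 64;
// Plain identifiers only: no brackets, braces, angle brackets, quotes or
// newlines, so an accepted value cannot carry wikitext, HTML or script.
const SAFE_VALUE = /^[A-Za-z0-9 _.\-]+$/;

function readUrlInfo(url) {
  const accepted = {};
  const rejected = [];
  const fragment = new URL(url).hash.replace(/^#/, "");
  for (const [key, value] of new URLSearchParams(fragment)) {
    let reason = null;
    if (!ALLOWED_KEYS.has(key)) {
      reason = "key not allowlisted";
    } else if (Object.prototype.hasOwnProperty.call(accepted, key)) {
      reason = "duplicate key";
    } else if (value.length > MAX_LEN) {
      reason = "value too long";
    } else if (!SAFE_VALUE.test(value)) {
      reason = "value is not plain text";
    }
    if (reason) {
      rejected.push({ key, reason }); // log the key, never echo the value
    } else {
      accepted[key] = value; // usable as a variable, never saved as a tiddler
    }
  }
  return { accepted, rejected };
}

// Constructed sample URL: one plain value, one allowlisted key carrying
// wiki markup ({{other}}), and two keys that try to set tiddler fields.
const SAMPLE_URL =
  "https://wiki.example/index.html#user=TonyM&view=%7B%7Bother%7D%7D" +
  "&text=hello&module-type=startup";

const result = readUrlInfo(SAMPLE_URL);
console.log(result.accepted, result.rejected);
```

Accepted values are meant to live only in the running page; writing them into the saved wiki would turn info back into content.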
