Joe Smith wrote: > It would be fantastic if there were also a macro environment that could > do the kinds of things that are appropriate for macros-in-documents (add > a menu, process the document text) and yet is guaranteed to have no > access to other things--like Javascript in a web page. > > Something like this does not have to be a complicated sandbox around > BASIC. It could be a different scripting language or a modified BASIC > that would be designed to completely exclude those facilities. > > The Javascript model works very well for the 'net (think how much better > security FF/Javascript has over IE/ActiveX), why can't it work for OOo?
The problem is that a useful macro language must be able to do something with the documents, so it must be able to use the API of the document's application. This API itself might contain some functions that can access the disk (and in fact it has as nearly *everything* OOo can do is accessible through its API) so you won't win anything by removing the "naughty" functions from the macro language itself. Even the JavaScript binding of OOo (yes, there is one built upon a JS interpreter implemented in Java) allows to use this functionality! As an example, even if OOo Basic didn't support opening a file on disk with the "Open" command you still could use the UCB or SimpleFileAccess services of the OOo API to achieve the same. So as removing these functions from the OOo API is not an option (it would remove OOo's ability to write its documents to the file system) the whole API and the technology that is used to access it (UNO) must be changed to support a security concept like the mentioned sandbox that prevents some of the functions from working if it is called from within a document macro. This is where I say: don't try it, it's a huge effort and it can create new security holes that are hard to find and fix. Ciao, Mathias -- Mathias Bauer (mba) - Project Lead OpenOffice.org Writer OpenOffice.org Engineering at Sun: http://blogs.sun.com/GullFOSS Please don't reply to "[EMAIL PROTECTED]". I use it for the OOo lists and only rarely read other mails sent to it. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
