Greetings all;

Apologies for the encrypted version that went to the lists. Here it is unencrypted. Thoughts on the subject in line.

knmc, the other Keith in the room. ;)

On 2021-05-05 08:37, Arrigo Marchiori wrote:
> Hello,
>
> On Wed, May 05, 2021 at 07:08:11AM +0000, Peter Kovacs wrote:
>
>> The best approach I believe is to add a whitelist feature as for macro
>> files.
>>
>> Users can add then the links they wish to approve.

From a strictly process standpoint, I see a major problem with a "white list" that depends on a user manually entering data or picking from a drop-down list or multiple check boxes. The "average user", who may well not know what ftps or .uno: is and does, is likely to go for the "all of the above" option. Given that the aim of what we are discussing is a fix to a security vulnerability, that would be the last thing we would want anyone to choose.
>
> Do you mean file-based whitelists instead of target-based?
>
> I will try to explain myself better: the current filter on AOO 4.1.10
> is target-based, because it is the target of the link that triggers
> the warning. Are you suggesting to add a whitelist based on files, for
> example "allow any links in documents from this directory"?
>
> If so, would you use the same whitelist as for macros, or would you
> introduce another one?
>
> Other ideas that come to my mind at the moment, just for the sake of
> this discussion:
>
> 1- whitelist individual targets such as ".uno:Reload" and any other
> ``complaints'' we will receive between one release and the next;
This could be a reasonable solution though I do see potential drawbacks.
1) Is dependent on
>
> 2- whitelist all ".uno:" targets (but would this open possible
> malicious exploits?)
>
> 3- add a generic box "don't ask any more" on the warning window, that
> disables _any_ future warnings;
>
> 4- add a generic box "don't ask any more" on the warning window, that
> disables future warnings for the _protocol of the current link_ (for
> example all http:// or ftp:// or uno: links);
>
> 5- add a generic box "don't ask any more" on the warning window, that
> disables future warnings for the _target of the current link_ (for
> example ".uno:Reload" or "http://server.com/document.html");
>
> 6- .... any other ideas worth discussing? ....
>
> Best regards.
>
>> On 04.05.21 16:05, [email protected] wrote:
>>> For some years I've had a Reload button in my Calc document to avoid having
>>> to use the File menu. Just updated to 4.1.10 and now I get a message when
>>> pressing Reload button:
>>>
>>> This hyperlink is going to open “.uno:Reload”. Do you want to proceed?
>>>
>>> Is there a way of switching off this message please?
>>>
>>> Thanks.
>>>
>>> Regards
>>> Keith Shelton
>>>
>>>
>> --
>> This is the Way! http://www.apache.org/theapacheway/index.html
>>
>
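
To make the difference in scope between the options listed in the quoted message concrete, here is an added example (not from the thread and not Apache OpenOffice code): a hypothetical `LinkPolicy` model that reports which of a few constructed link targets would stop triggering the warning under options 1/5, 2/4 and 3. The class and function names, and every sample target other than `.uno:Reload` and `http://server.com/document.html`, are assumptions.

```python
from dataclasses import dataclass, field


def scheme_of(target: str) -> str:
    """Text before the first ':' in lowercase, e.g. '.uno' or 'http'."""
    return target.split(":", 1)[0].lower()


@dataclass
class LinkPolicy:
    """Hypothetical model of the warning-suppression options in the thread."""
    allowed_targets: set = field(default_factory=set)  # options 1 and 5
    allowed_schemes: set = field(default_factory=set)  # options 2 and 4
    never_ask: bool = False                            # option 3

    def needs_warning(self, target: str) -> bool:
        if self.never_ask:
            return False
        if scheme_of(target) in self.allowed_schemes:
            return False
        # Exact match only: allowing ".uno:Reload" covers no other target.
        return target not in self.allowed_targets


# Constructed sample; only ".uno:Reload" and the first http URL are from the thread.
SAMPLE_LINKS = [
    ".uno:Reload",
    ".uno:ExampleOtherCommand",          # placeholder name, not a real command
    "http://server.com/document.html",
    "http://server.com/other.html",
    "ftp://files.example/a.ods",
]

POLICIES = {
    "exact target (1, 5)": LinkPolicy(allowed_targets={".uno:Reload"}),
    "whole scheme (2, 4)": LinkPolicy(allowed_schemes={".uno"}),
    "never ask (3)": LinkPolicy(never_ask=True),
}


def silenced(policy: LinkPolicy) -> list:
    """Targets from SAMPLE_LINKS that would open without a warning."""
    return [t for t in SAMPLE_LINKS if not policy.needs_warning(t)]


if __name__ == "__main__":
    for name, policy in POLICIES.items():
        quiet = silenced(policy)
        print(f"{name}: {len(quiet)} of {len(SAMPLE_LINKS)} silenced -> {quiet}")
```
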
