ok, nice write up.

On 07.05.21 07:38, Dave Fisher wrote:
Hi -

The discussion should proceed considering how appopen.cpp is actually coded. 
I’m writing from memory so you will need to match my description to the actual 
variables and constants.

On May 5, 2021, at 5:37 AM, Arrigo Marchiori <ard...@yahoo.it.INVALID> wrote:

Hello,

On Wed, May 05, 2021 at 07:08:11AM +0000, Peter Kovacs wrote:

The best approach I believe is to add a whitelist feature as for macro
files.

Users can then add the links they wish to approve.
Do you mean file-based whitelists instead of target-based?

I will try to explain myself better: the current filter on AOO 4.1.10
is target-based, because it is the target of the link that triggers
the warning. Are you suggesting to add a whitelist based on files, for
example "allow any links in documents from this directory"?

If so, would you use the same whitelist as for macros, or would you
introduce another one?

Other ideas that come to my mind at the moment, just for the sake of
this discussion:

1- whitelist individual targets such as ".uno:Reload" and any other
``complaints'' we will receive between one release and the next;
There is such a list of extensions that we are likely to trust. That list has 
not been updated in some time and one change we made was adding OpenOffice help 
files to that list. We should look into expanding the list.

2- whitelist all ".uno:" targets (but would this open possible
malicious exploits?)
We do know about a set of protocols. There were four (IIRC) openoffice specific 
ones. We chose to trust the help protocol. .uno is another. We should think 
about trusting all four by understanding better what each does.

3- add a generic box "don't ask any more" on the warning window, that
disables _any_ future warnings;
Alternatively the code has three settings of which two cannot be selected.

1. Trust hyperlinks with a certain combination of protocol and extension.
2. Trust all hyperlinks
3. Trust no hyperlinks other than help files.

We should enable the setting of one of these three existing constants of 
hyperlink trust as a user setting.

4- add a generic box "don't ask any more" on the warning window, that
disables future warnings for the _protocol of the current link_ (for
example all http:// or ftp:// or uno: links);

5- add a generic box "don't ask any more" on the warning window, that
disables future warnings for the _target of the current link_ (for
example ".uno:Reload" or "http://server.com/document.html");
6 - We do need to improve the dialog to better explain the risks.

All The Best,
Dave

6- .... any other ideas worth discussing? ....

Best regards.

On 04.05.21 16:05, k...@kshelton.plus.com wrote:
For some years I've had a Reload button in my Calc document to avoid having to 
use the File menu. Just updated to 4.1.10 and now I get a message when pressing 
Reload button:

This hyperlink is going to open “.uno:Reload”. Do you want to proceed?

Is there a way of switching off this message please?

Thanks.

Regards
Keith Shelton


--
This is the Way! http://www.apache.org/theapacheway/index.html

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org

--
Arrigo
