Hi Markus, I can summarize from my perspective. I good point was made that creating a directory is to be avoided. I think it comes down to the command-line way of launching surf, the alternative to launching surf from a launcher based out of the home folder. Say you call up surf just to download a file, from a working directory. You would expect the download to go into the working directly, as if you called curl or wget. With my original proposal, it would go somewhere unexpected. But with a prompt, the file can go anywhere safely. I originally had a prompt in my solution, but thought that Safari's solution to this webkit behavior would be better adopted, but Safari is not command-line driven, and surf clearly is.
Ben Original Message From: Markus Teich Sent: Wednesday, January 7, 2015 2:28 PM To: dev@suckless.org Reply To: dev mail list Subject: Re: [dev] security issue running surf from home folder Heyho, Christoph Lohmann wrote: > Theses patches have been discussed on IRC. The optimal solution has been > to make the default DOWNLOAD macro to ask for a string. If the string is > empty, pass ‐O to curl, if it’s non‐empty add ‐‐create‐dirs and ‐o > $string to curl. Is there a log from the discussion? I am interested in the reasons behind this proposal. --Markus