[ https://issues.apache.org/jira/browse/JSPWIKI-628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12802096#action_12802096 ]

Murray Altheim commented on JSPWIKI-628:
----------------------------------------

Having written quite a number of plugins myself, I must agree with Andrew on 
this, i.e., that this should not be part of the core distribution. I have a 
number of plugins (such as the GroovyPlugin) that are very useful for me 
working locally or within an intranet environment, but completely unsuitable 
for use in a public, production environment. 

After all the effort that has lately gone into improving security, and 
considering the increasing sophistication of security attacks, it would seem 
very counterproductive to add a new feature that potentially opens a large 
security hole in the code, particularly considering the wholesale damage that 
could be done in a wiki environment. It's hard to warrant any new features that 
decrease security. For this reason alone I think it prudent to develop this 
plugin independently, post it or a link to it on the JSPWiki site, and include 
appropriate warnings (as we do elsewhere) on use of the plugin on public wiki 
sites. 

It may be very useful in secure environments but if it's part of the core 
distribution it becomes part of every installation, which could be problematic. 
Admins who want this functionality and understand the risks can easily install 
the plugin.



> Load Plugin resources from classpath
> ------------------------------------
>
>                 Key: JSPWIKI-628
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-628
>             Project: JSPWiki
>          Issue Type: Improvement
>    Affects Versions: 2.8.3
>            Reporter: Jürgen Weber
>
> Some plugins require the browser to load files. E.g. the FreeMindPlugin needs 
> the browser to load the applet's classes, or another plugin might need some 
> flash code.
> Currently the solution is to attach these files to a page which has the sole 
> purpose of having the attachment. This is kind of awkward.
> JSPWiki should have a mechanism (in JSPFilter?) which would load the file 
> from the classpath. So for FreeMind the FreeMindPlugin.jar would additionally 
> contain freemindbrowser.jar. The plugin would generate some markup that would 
> make the Filter recognize that the parameter is to be loaded from classpath, 
> e.g. <wiki:IncludeResource freemindbrowser.jar>
> I guess this could be done with a PageFilter, too, but the idea is to make 
> installing plugins easier and having to add a filters.xml would be 
> counterproductive, so the mechanism should go into core.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
