Hi, as a part of #12878 Stephan raised a question to what degree should we allow opening external links which are part of citation in the document (or rather part of .bib file).
Currently we allow opening links stored in the "url" field of bibtex entry or files stored in "file" field by entry in the context menu; what's worse we don't show the link, so one can not check url itself - malevolent url can be provided (e.g. attacker web site, or maybe url scheme trying to execute some local stuff). (We also allow similar thing for hyperlink insets, but we at least show the target in caption of the inset.) Now what are your opinions what we should do about it? 1) nothing. 2) add dialog before launching url. safer but super annoying. 3) add dialog before launching url + dont ask again checkbox. not implemented - we'll also need to add session keys, which get erased often. 4) add link target to context menu (non trivial to implement) 5) add (by default disabled) checkbox in security preference to allow opening links for citations and hyperlinks similarly as we do with scripts. 6) ? I tend to go for 5, but there might be other options I did not think of... Pavel -- lyx-devel mailing list lyx-devel@lists.lyx.org http://lists.lyx.org/mailman/listinfo/lyx-devel
