Hello,
I had a random thought pop in my head about TiddlyWiki GitHub saving 
security the other day, and couldn't think of my own solution, so I thought 
I'd ask.

My question is this: From the TiddlyWiki GitHub saving file 
(https://github.com/Jermolene/TiddlyWiki5/blob/master/core/modules/savers/github.js), 
it looks as if the entire wiki file (i.e. from html tag or similar) is placed 
inside a new commit for the user's given repo. 

Correct me if I'm wrong, but this seems to be completely insecure. If it 
does work the way I described (.get() request to GitHub to get SHAs and 
pushing to provided filename), then what is keeping a user from inspecting 
the code (Right Click>Inspect) and adding a 
<script>var addedVariable = document.cookie;</script>, 
or adding TW5 saved localStorage password value with 
<script>var addedVariable=localStorage.getItem('PASSWORD-LocalStorageName');</script> 
and then waiting for someone with proper permissions to come through and 
save?

The way that this is working in my head (probably completely wrong) is that 
this variable would be saved as it's inside the bounds of the tag 
innerHTML, and run each time the wiki is opened. As TiddlyWiki is 
single-file when downloaded as empty, I can't envision a multi-file system 
where each Tiddler is saved to a different .txt file, per se, which is the 
way I would have approached this.
