I'm trying to understand what the problem is. TW isn't multi-user. If someone can sit down at your desk and insert code, then you already have security problems way beyond code. Likewise, if you have a publicly exposed TW that anyone can save with, then you have security problems beyond a code hack.
So I'm not seeing what the concern is. If someone has the ability to save to your TW, then you already have a security breach, regardless of the nature of the inserted code. On Tuesday, August 17, 2021 at 7:21:56 AM UTC-7 R² wrote: > OK, got it to execute. For some mysterious reason, the first few > keypresses didn't do anything, then a few did, I clicked elsewhere and > modified another tiddler, the next few didn't, and when I went back to the > malicious tiddler to get it to execute again, it hadn't recorded keypresses > made in the other tiddler. It does seem as if it's at least partly > sandboxed but I'll defer to the core coders, I was just curious to see what > this was about. > > Best, > R² > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/2ad44e4a-e158-429d-ab8f-fac9cf905f89n%40googlegroups.com.
