Hello old friends, I'm working with the CIO at my University to see if it is possible to serve tiddlywiki files on our Web site.
These are two concerns that have been raised:

- Adding the TiddlySpot PHP script to enable rewriting from the browser is a potential security vulnerability that needs to be thoroughly vetted by the web team.
- Exposing core JS files that can be publicly edited and have changes applied from the browser is a potential XSS vulnerability.

Not sure what the first means ("TiddlySpot PHP" script - I had sent him a wiki served on TiddlySpot as an example of a page I wanted to host on our site). Could I eliminate that by building wikis from scratch on the desktop, or using TiddlyDesktop, or even on Google Drive?

The second - any thoughts? Can changes to the JS be applied from the browser?

(Is this question better asked in the TiddlyWiki dev group <https://groups.google.com/forum/#!searchin/TiddlyWikiDev/xss%7Csort:date> -- a place I've always feared entering... :)?

Thanks for your help!

//steve.