[Dev] Sharing scripts and security
Morgen Sagen
morgen at osafoundation.org
Thu Sep 8 13:24:22 PDT 2005
On Sep 8, 2005, at 1:08 PM, Heikki Toivonen wrote:
>
> 2. When you do get a script in a share, it should be disabled by
> default. Suppose someone shared a script with you bound for F5 (which
> you didn't yet have bound to anything) and you accidentally pressed F5
> at some point causing the malicious script to run without you
> realizing
> it. Obviously users need a way be able to enable a script for
> sharing to
> make sense.
Shall we add an 'isEnabled' boolean attribute to the Script kind and
have its initialValue be False? That way, when a Script is imported
via the sharing framework, it will automatically be disabled without
the sharing framework having to do anything special.
More information about the Dev
mailing list