MobileRead Forums - View Single Post

eschwartz · 06-06-2020, 10:37 PM

Ugh, this is just amazing in all the bad ways.

Thanks Diap for pointing me at this. I can certainly backport the relevant sigil/pageedit commits to my Arch package. But before I do so -- given the discussion that's happened here AFTER your PM, is this still something you'd recommend doing? If you're going to write a custom protocol very soon, is that something I should be waiting for instead?

(Javascript should be disabled by default, so users who enable it will not be walking into this security hole by accident. So it seems reasonable to make things work for most users. Maybe I could print a post_upgrade message warning that qt has broken the security hardening if you've enabled javascript, and it should only be enabled if you trust the book.)

06-06-2020, 10:37 PM	#38
eschwartz Ex-Helpdesk Junkie Posts: 19,421 Karma: 85400180 Join Date: Nov 2012 Location: The Beaten Path, USA, Roundworld, This Side of Infinity Device: Kindle Touch fw5.3.7 (Wifi only)	Ugh, this is just amazing in all the bad ways. Thanks Diap for pointing me at this. I can certainly backport the relevant sigil/pageedit commits to my Arch package. But before I do so -- given the discussion that's happened here AFTER your PM, is this still something you'd recommend doing? If you're going to write a custom protocol very soon, is that something I should be waiting for instead? (Javascript should be disabled by default, so users who enable it will not be walking into this security hole by accident. So it seems reasonable to make things work for most users. Maybe I could print a post_upgrade message warning that qt has broken the security hardening if you've enabled javascript, and it should only be enabled if you trust the book.)