06-10-2020, 03:34 PM   #63
KevinH
Sigil Developer
Even if JavaScript is enabled, as long as we do not allow unknown URL schemes and load the base page using a file:// URL, we should be safe. We also allow the Sigil user to disallow access to remote content and we block all POST methods. So I am feeling better about things.

Assuming we can figure out why BeckyEbook's won't work, I will clean this up to output only blocked messages to QDebug.

Until the time of our next release (however long that might be) we can work on hardening it even more if need be.
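The request rules described in the post above, modelled as a default-deny filter. This is an added example, not part of the original post and not Sigil's code. The names `check_request`, `blocked_only` and `ALLOWED_SCHEMES`, and the particular scheme allow-list, are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: schemes the preview is allowed to load. The post only says
# "unknown url schemes" are refused; this particular set is illustrative.
ALLOWED_SCHEMES = {"file", "http", "https"}
REMOTE_SCHEMES = {"http", "https"}


def check_request(url, method="GET", allow_remote=True):
    """Return (allowed, reason) for one request made by the previewed page."""
    # Rule: block all POST methods (method names compared case-insensitively).
    if method.strip().upper() == "POST":
        return False, "POST blocked"
    # urlsplit lowercases the scheme, so "JavaScript:" and "FILE:" normalise.
    scheme = urlsplit(url.strip()).scheme
    # Rule: default deny. Anything not on the allow-list is refused,
    # including scheme-less input, javascript:, data: and custom handlers.
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % scheme
    # Rule: the user may switch off remote content entirely.
    if scheme in REMOTE_SCHEMES and not allow_remote:
        return False, "remote content disabled"
    return True, "ok"


def blocked_only(requests, allow_remote=True):
    """Return log lines for blocked requests only, as the post plans for QDebug."""
    lines = []
    for method, url in requests:
        allowed, reason = check_request(url, method, allow_remote)
        if not allowed:
            lines.append("BLOCKED %s %s (%s)" % (method, url, reason))
    return lines


# Constructed sample requests, not taken from Sigil or the thread.
SAMPLE = [
    ("GET", "file:///tmp/book/OEBPS/Text/ch1.xhtml"),
    ("GET", "https://example.com/font.woff"),
    ("POST", "https://example.com/collect"),
    ("GET", "JavaScript:void(0)"),
    ("GET", "customapp://open?x=1"),
]

if __name__ == "__main__":
    for line in blocked_only(SAMPLE, allow_remote=False):
        print(line)
```

Checking the method before the scheme means a POST is refused even when it targets an otherwise allowed `file://` or `https://` URL.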