• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: AppleScript & HTML Again...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AppleScript & HTML Again...

  • Subject: Re: AppleScript & HTML Again...
  • From: Peter Bunn <email@hidden>
  • Date: Thu, 25 Mar 2004 11:29:00 -0600
(Sigh...)

Yesterday and today various folks wrote (in effect):

>Don't do it.

I will likely bow to the collective wisdom, but for the record, I will
provide a skeletal description of how Missing Link works. It is a
protocol based script application. It handles information embedded in a
URL much like the AppleScript URL protocol does, but uses that
information differently. At present, _all_ it does is pass the
information to a secondary handler app to display the URL's content.

Again, I stress that ML is intended for local use only. However, there
are certain safeguards 'built in'. The user may choose a unique name for
the protocol. Any link that is not prefixed by the proper protocol name
will be ignored by the ML 'engine'. It is, in a sense, a passworded
protection. Additionally, the engine only handles links with addresses
absolute or relative to the local machine(s). If it's fed an improperly
addressed link, it errors and quits. Relative links are relative only to
user created and uniquely named folders or items within the Application
Support folder.

This example:

A HREF="Protocol Name:My Machine/Users/pb/Desktop/Handler"

...will work _only_ if all elements of the link are 'true'... that is, if
the handler exists in that location and the protocol name is the same as
the one the user has specified. A hacker must know all these elements in
order to do something malicious.

I don't know if the preceding will alleviate concern or not. I should
have provided at least this much operational detail in my first post,
but...

It strikes me that there are vulnerabilities inherent every time we turn
our machines on. I may be myopic, but I don't see that doing something
in this manner introduces much additional risk.

Anyway...

Peter B.

-----
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.

  • Prev by Date: RE: AppleScript & HTML Again...
  • Next by Date: Re: Applescript URL protocol (Was applescript & HTML)
  • Previous by thread: RE: AppleScript & HTML Again...
  • Next by thread: Re: AppleScript & HTML Again...
  • Index(es):
    • Date
    • Thread