Re: Applescript URL protocol (Was applescript & HTML)
Re: Applescript URL protocol (Was applescript & HTML)
- Subject: Re: Applescript URL protocol (Was applescript & HTML)
- From: Graff <email@hidden>
- Date: Thu, 25 Mar 2004 14:43:44 -0500
On Mar 25, 2004, at 12:37 PM, Peter Bunn wrote:
Earlier today, Brennan wrote:
Can I (for example) replace
'com.apple.scripteditor' with the application address of (say) Smile?
I don't know, but substituting my own protocol for 'applescript://' I
can
grab the encoded output and...
Does this represent a security hole that Apple created themselves?
No, because this just lets Script Editor load the document, it doesn't
execute it. That's up to the user to do. It's similar to if you
clicked on a PDF link on the web. The PDF is downloaded and opened in
your default PDF handling program. In fact Apple mentions this on that
web site:
URL Protocol Messaging is a safe, secure
method for sharing scripts. The execution
of transferred examples requires direct
action from the user and under no
conditions can a transferred script be
automatically executed.
-Ken
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.