Re: AppleScript & HTML Again...
Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: Walter Ian Kaye <email@hidden>
- Date: Fri, 26 Mar 2004 13:24:38 -0800
At 06:31p +0000 03/26/2004, Nigel Smith didst inscribe upon an
electronic papyrus:
At the moment, the only thing that makes Missing Link more dangerous than an
emailed AppleScript is that no user intervention is required to run *any*
script. Can you find a way round that? Only scripts with a certain
identification will be run, perhaps. Perhaps a white list of scripts, or a
white list of web pages from which scripts could be run. Each web page has
an address, so you could limit Missing Link to pages from a certain folder
on your machine, pages on a certain server, or pages which originate in your
subnet.
I've often thought about the ability to download and run an
AppleScript. In my case, the runner (aka HTTP helper) app would
analyze the script and check it against a whitelist. If it passes, it
gets run; if not, a dialog appears stating why it was, uh, arrested.
I think that's how Java's sandbox works, isn't it?
I don't know if there's any way for a helper app to know where its
file came from, so I don't see how you would check the address.
-boo
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.