Re: Applescript & HTML Again...
Re: Applescript & HTML Again...
- Subject: Re: Applescript & HTML Again...
- From: Nigel Smith <email@hidden>
- Date: Wed, 31 Mar 2004 11:19:52 +0100
On 30/3/04 20:12, "John C. Welch" <email@hidden> wrote:
>
Update...I don't need the hard drive name...just tested this:
Remarkably similar to the HTML code I posted earlier, which also didn't use
a hard drive name :-)
>
Another idea that would help with ML security would be to have it only work
>
when activated from a page accessed via the " file:///" protocol instead of
>
"http://"; or anything else.
I was thinking about this, along with a domain name whitelist to allow
network admins to post pages with scripts for their users, but couldn't get
round the timing issues involved.
ML would have to ask the browser which page the clicked link was on.
Different AS coding for different browsers is relatively trivial *if* you
can guarantee that the frontmost window of the frontmost browser contains
the link that was clicked. What happens if the user clicks the link and, as
ML starts up, switches to another page or even another browser? Or if
someone improved my JavaScript to open "bad" window behind the initial
window.
One solution would be to scan the frontmost window content for a URL
matching the one passed to ML, but firstly that could be quite easily
spoofed (first window has identical link to "bad" window, maybe even
commented out) and secondly it might restrict JavaScript-generated links
which, while a worry, could be amazingly useful in the right situations!
Any ideas on how to get round this?
Nigel
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.