Plugin Security (Was Re: How do I create a
SqueakPlugin.imagefrom a 2.9a ?)
John M McIntosh
johnmci at smalltalkconsulting.com
Wed Jan 24 19:13:44 UTC 2001
>On Tue, 23 Jan 2001, John M McIntosh wrote:
>
>> >You completely disallow it? How about only disallowing it when the
>> >original squeaklet was not a "file:"-URL?
>>
>> We disallow the ability for a Smalltalk application to use the
>> browser interface to parse a file: URL. There is a interface in the
>> Smalltalk code that lets you give a URL to the browser and fetch back
>> the stream of data, or post a stream of data to the supplied URL.
>
>I know, I implemented that stuff for Unix ;-)
>
>My point is, when I locally test my plugin I may want to use "file:" URLs.
>OTOH, it may well work when I use relative URLs only ... I'll put
>disabling file: URLs onto my "to do" list, then. Do you fail silently or
>display a notifier?
>
>-- Bert
The macintosh code does
interpreterProxy->success(AbortIfFileURL(url));
if (interpreterProxy->failed()) {
return null;
}
Then it's up to the Smalltalk code to catch and handle the primitive
failure, can't say I looked to see what it does...
--
--
===========================================================================
John M. McIntosh <johnmci at smalltalkconsulting.com> 1-800-477-2659
Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com
===========================================================================
Custom Macintosh programming & various Smalltalk dialects
PGP Key: DSS/Diff/46FC3BE6
Fingerprint=B22F 7D67 92B7 5D52 72D7 E94A EE69 2D21 46FC 3BE6
===========================================================================
More information about the Squeak-dev
mailing list
|