[Sugar-devel] HTML activities

Daniel Narvaez dwnarvaez at gmail.com
Tue Jan 29 09:11:57 EST 2013

Previous message: [Sugar-devel] HTML activities
Next message: [Sugar-devel] [ASLO] Release Card Sort-9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 29 January 2013 14:52, Gonzalo Odiard <gonzalo at laptop.org> wrote:
>
>>
>> I added as well an example for dbus methods, you can delete DS entries now
>> :) http://dev.laptop.org/~erikos/html-activity/
>>>>
>>>>
>
> And can be accessed by http and scripted? This is a good example of one
> thing we don't want happen accidentally, right?
> Script kiddies removing the datastore content?

You cannot access localhost from js provided by a remote page, if
that's what you are worried about. I don't remember if we have any
limitation in place right now about doing it from another activity. I
guess not but probably we should :)

We do need to think carefully about the security implications of all of this.

Previous message: [Sugar-devel] HTML activities
Next message: [Sugar-devel] [ASLO] Release Card Sort-9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Sugar-devel mailing list