Re: gnome-devel-list digest, Vol 1 #777 - 5 msgs



Date: Wed, 13 Mar 2002 13:07:51 -0500
From: "Manuel Amador (Rudd-O)" <amadorm usm edu ec>
To: gnome-devel-list gnome org
Subject: Re: 1:30am URL handler idea


--------------090408030703060406050307
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Bradford Hovinen wrote:


On Fri, 2002-03-08 at 01:43, Sean Middleditch wrote:


Heya everyone...

Assuming that the URL handler configuration is going to stay in GNOME
(for the various URL types, like SMB and mailto and such), the
configuration is a pain for the average user.

What I was thinking was that applications could set (in some kind of
database - most likely gconf) a set of type/name/command settings. I.e., Evolution would have, for URL type "mailto", an entry with name
"Evolution" and command "evolution '%s'".

Now, in the URL configurator, for each URL type, there would be a drop
down box containing all the registered apps (plus one entry for custom,
along with a blank line, or also None).  Thus, if I had Balsa,
Evolution, Althea, etc. installed, I could go to the CC and just select
"Balsa", instead of typing in a command string (which is mean to ask of
newbies/idiots).


Improved support for URLs is _great_, I think that widespread
easy-to-use support would really help users.
Think of your local system as if it were a world-wide-web, where users
can easily click to go from one object to other.
E.G., from Nautilus you see a file, you can right-click to go to
the package description showing where it came from,
and/or the documentation related to it, and type in
search commands that would display anything (info, man, etc.).
Man pages could have hypertext links to info pages, etc.

HOWEVER, be careful how you implement the "execute this program"
command, because some of those URLs are from untrusted users.
Depending on how it's implemented, you might be subject
to attack from people who create pages like this:

<a href="http://www.yahoo.com'; rm -fr /">click here</a>.

This is easy to counter; the program to invoke URLs can check
if it's a valid URL, and the code can be written so that URLs aren't
interpreted by the  shell (e.g., vulnerable to shell metacharacters).


--- David A. Wheeler






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]