On Sun, Aug 30, 2020 at 03:01:50PM +1000, Tim Connors wrote: > On Sun, 30 Aug 2020, Craig Sanders wrote: > > the "security issues" comes from blindly executing code/commands that you > > don't understand.
ok, yeah, I should have started that line with "MOST OF" > > treat everything as just an example that needs further research. never > > execute > > something posted by someone else(*) unless you know what it does and how > > and why. > > It theoretically is not safe to simple paste the selection into an editor > before vetting it. Through CSS and javascript, what you select in a > browser and what ends up in the copy-paste buffer are frequently > different. It's true that there's a risk if you're copying from a web page (or something else that does css and/or javascript - or any kind of scripting, there's a difference between "dead" static data and active scripting, which is one of the reasons I hate over-use of javascript in the web, it's analagous to the difference between a live virus and a dead one). Especially so if you're just copying from some random site you have no reason to trust....and less so if you're copying from a well-known, mostly-trustworthy site like one of the stack-exchanges (but remember that this still doesn't protect you from errors). not true if you're copying plain text from a text mail client like mutt. also not much of a risk if instead of copy-paste, you save the email or web page or whatever to a text file and then extract what you need from the text file. craig -- craig sanders <[email protected]> _______________________________________________ luv-main mailing list [email protected] https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
