I've been working on the viewer code a bit, and have started to be a little concerned about the way we launch viewers and whether it is fully secure.
I guess my current question concerns the Format::viewURL() routine and the way it is called from InsetHyperlink::viewTarget(). At the moment, unless the hyperlink is explicitly marked as a file, we treat it as if it is a URL and call the viewer for the html format. This seems wrong, if only because we seem to be trusting the user a bit too much here.
Thoughts?

Richard
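
One way to narrow what reaches the html viewer, as an added example that is not part of the original post or of LyX's code: a stand-alone check that a hyperlink target really is a web URL before it is handed on. `classifyTarget`, `TargetKind` and the http/https allowlist are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Hypothetical helper, not a LyX function: decide whether a hyperlink target
// may be handed to the viewer configured for the html format.
enum class TargetKind { WebUrl, Rejected };

TargetKind classifyTarget(const std::string& target)
{
    // An empty target, or one starting with '-', is refused: the latter could
    // be parsed by the viewer as an option rather than as a target.
    if (target.empty() || target[0] == '-')
        return TargetKind::Rejected;

    // Whitespace and control characters do not belong in a URL.
    for (unsigned char c : target)
        if (std::iscntrl(c) || std::isspace(c))
            return TargetKind::Rejected;

    // A URL must carry an explicit scheme; a bare path has none.
    const std::string::size_type colon = target.find(':');
    if (colon == std::string::npos || colon == 0)
        return TargetKind::Rejected;
    std::string scheme = target.substr(0, colon);
    std::transform(scheme.begin(), scheme.end(), scheme.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });

    // Assumed allowlist: only schemes a web browser is meant to open.
    // file: and any unknown scheme are refused instead of being guessed at.
    if (scheme != "http" && scheme != "https")
        return TargetKind::Rejected;

    // Require a non-empty "//authority" part, so "http:foo" is not accepted.
    if (target.compare(colon + 1, 2, "//") != 0 || target.size() <= colon + 3)
        return TargetKind::Rejected;

    return TargetKind::WebUrl;
}
```

A caller would launch the html viewer only for `TargetKind::WebUrl` and handle everything else as a file or an error.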