Op 02-10-2023 om 18:32 schreef Vivien Kraus:
Hi!
Are there other things to fix?
You forgot to include the warning of potential security issues in the
documentation -- I don't mean that Guile should fix the issues (it
can't), but rather that its documentation should inform the user that
th
On Tue, 2023-10-03 at 20:49 +0200, Maxime Devos wrote:
>
> subtle spelling error: subtleties -> subtleties
That's pretty subtle!
Op 02-10-2023 om 18:13 schreef Maxim Cournoyer:
Something I didn't notice previously:
Op 25-09-2023 om 16:29 schreef Maxim Cournoyer:
+ if (scm_is_string (args)) {
+ /* C code written for 3.9 and earlier expects this function to
+ take a single argument (the file name). */
+
Op 03-10-2023 om 20:56 schreef Dale Mellor:
On Tue, 2023-10-03 at 20:49 +0200, Maxime Devos wrote:
subtle spelling error: subtleties -> subtleties
That's pretty subtle!
Oops, I corrected the spelling error too early:
subtelties -> subtleties
OpenPGP_0x49E3EE22191725EE.asc
Descript
Hello!
Le lundi 25 septembre 2023 à 22:46 +0200, Maxime Devos a écrit :
> However, there are also some dangers on doing this
> thing -- the ‘external’ page https://example.com/data.json could
> redirect to
> http://localhost/unsecured-secret-but-its-localhost-only-so-it-is-safe
> .
Since you w
Op 03-10-2023 om 22:03 schreef Vivien Kraus:
Hello!
Le lundi 25 septembre 2023 à 22:46 +0200, Maxime Devos a écrit :
However, there are also some dangers on doing this
thing -- the ‘external’ pagehttps://example.com/data.json could
redirect to
http://localhost/unsecured-secret-but-its-localho
The best prevention is not allowing redirects at all or only
allowing redirections that keep the hostname intact -- while an
option for much software, it isn't an option for web browsers.
Partially scratch that -- restricting to ‘keeping hostname intact’ is
insufficient, becaus
Hello!
Maxime Devos writes:
> Op 02-10-2023 om 18:13 schreef Maxim Cournoyer:
>>> Something I didn't notice previously:
>>>
>>> Op 25-09-2023 om 16:29 schreef Maxim Cournoyer:
+ if (scm_is_string (args)) {
+ /* C code written for 3.9 and earlier expects this function to
+
Le mercredi 04 octobre 2023 à 00:30 +0200, Maxime Devos a écrit :
>
> > The best prevention is not allowing redirects at all or only
> > allowing redirections that keep the hostname intact -- while
> > an
> > option for much software, it isn't an option for web
> > browsers.
>
>
