I would like to point out that modules downloaded from a source other than an
endorsed repository could contain all kinds of stuff the user might not like.
The entire module is suspect. The .conf file is the least of worries.
I am not concerned about escaping other markup. The official position is that
we don't support any other markup beyond HTML <a href...> links. The behavior
of including any other markup is undefined and bad practice. I am not concerned
with preventing it. Practically though 90% of our frontends use HTML displays
for most everything and thus other HTML tags will likely work.
I don't see the security issue. It's like opening a Word doc attached to an
email from a stranger. You are not guaranteed it won't do something unkind.
This is why we have endorsed SWORD repositories. To prevent all unkind things
from ever happening would be like Word trying to prevent the same. It would
occupy man years and never accomplish the goal.
Thoughts?
Troy
On December 30, 2018 2:57:48 PM MST, "ref...@gmx.net" <ref...@gmx.net> wrote:
>_______________________________________________
>sword-devel mailing list: sword-devel@crosswire.org
>http://www.crosswire.org/mailman/listinfo/sword-devel
>Instructions to unsubscribe/change your settings at above page
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
