On Sun, Aug 30, 2020 at 03:01:50PM +1000, Tim Connors wrote:
On Sun, 30 Aug 2020, Craig Sanders wrote:
the "security issues" comes from blindly executing code/commands that you don't understand.
ok, yeah, I should have started that line with "MOST OF"
treat everything as just an example that needs further research. never execute something posted by someone else(*) unless you know what it does and how and why.
It theoretically is not safe to simple paste the selection into an editor before vetting it. Through CSS and javascript, what you select in a browser and what ends up in the copy-paste buffer are frequently different.
It's true that there's a risk if you're copying from a web page (or something else that does css and/or javascript - or any kind of scripting, there's a difference between "dead" static data and active scripting, which is one of the reasons I hate over-use of javascript in the web, it's analagous to the difference between a live virus and a dead one). Especially so if you're just copying from some random site you have no reason to trust....and less so if you're copying from a well-known, mostly-trustworthy site like one of the stack-exchanges (but remember that this still doesn't protect you from errors). not true if you're copying plain text from a text mail client like mutt. also not much of a risk if instead of copy-paste, you save the email or web page or whatever to a text file and then extract what you need from the text file. craig -- craig sanders <cas@taz.net.au>