Date: Fri, 25 Sep 2015 23:16:12 +0100
From: Adam Thompson
To: Kevin Carhart
Cc: Karl Dahlke, Edbrowse-dev@lists.the-brannons.com
Subject: Re: [Edbrowse-dev] js command line access
Message-ID: <20150925221612.GJ2254@toaster.adamthompson.me.uk>
References: <20150825032502.eklhad@comcast.net>

On Fri, Sep 25, 2015 at 12:55:47AM -0700, Kevin Carhart wrote:
>
> >This is damn clever!
>
> The idea is actually courtesy of Chris Brannon,
> because we were once emailing briefly about this thing
> called MozRepl. I took it from there and found
> bits of javascript on that idea. So thank you Chris!

Definitely, sounds seriously cool, I'm thinking in particular about when I
start playing with js engines etc, not to mention all the times when I wish for
an equivalent to the various developer consoles in other browsers.

> I know there are security issues, and you should
> not allow arbitrary strings to get run as code.

In this case I don't really see the security argument.
The user is typing in the js, so it's only as insecure as... say... a shell or the like.
As for the security of the site on the other end of the connection,
plenty of tools already exist (including extensions to the major popular
browsers I think) to mess with js behavior.

> I assumed this feature was too underground to mention,
> or I may have mentioned it sooner. Grin.

Personally I'd document it. There's nothing worse than an undocumented feature
like this, that's one of the ways things fail to be maintained and security holes
happen. If it's there then not documenting it just means someone has to
look at the code, and if they're looking for exploits they'll do that anyway.

> We could use my code for this, but the output
> has not been edbrowzised or carved into lines.
> I don't bring it back into an edbrowse buffer.
> So the output could be a pain in the butt at
> the moment, but I could give you what I have
> and you could optimize it.
> It also depends on what you echo.

Fair enough, I say put it in and we'll run with it from there.

> Glad we might do this - it has certainly been
> invaluable for me,

Indeed. It also gives me some interesting ideas re: using Edbrowse for page
automation.

Cheers,
Adam.