On Thu, Aug 7, 2008 at 8:46 AM, Vincent Massol <vincent(a)massol.net> wrote:
On Aug 5, 2008, at 5:29 PM, Pascal Voitot wrote:
[snip]
To summarize, I think the fact that outside macros execute before nested macros prevents dangerous things to happen in general. Now I haven't analysed all cases yet so if you see something dangerous please let me know so that I can fix it while it's possible.
So you think this might not be dangerous to use include for groovy?
It's exactly like now. If your groovy script is dangerous, whether
it's in a standalone page or included in another page, it'll still
be as dangerous so you'll need to protect it. If the page is itself
protected the include will fail (not implemented yet in the new
rendering but planned). Thus you should either protect the page or use
an if to test for some rights.
One possibility we have would be to add an executionRights parameter
to the groovy macro in the new rendering that would default to
"programming" so that only users with programming rights would be able
to execute a groovy macro by default (to allow anyone you would add
executionRights="view"). Basically this would simply do the test for
rights on behalf of the programmer.
WDYT?
This is a philosophical question ;)
What do you prefer: let people control security completely or enforce some
basic security because people can't be expert immediately?
To my mind, ensuring some basic security controls is safer... And also
providing a mechanism to toggle it off knowing what you do...
So why not add this execution right control by default in the groovy macro
and provide an option allowing everyone to execute this groovy macro!
It would also prevent the groovy parsing and execution which is not bad for
performance and memory!
To answer your question Pascal, you would write:
{{groovy}}
... some groovy code...
{{/groovy}}
{{include document="... page containing a groovy macro..."
context="current"/}}
Let me know if I missed something.
I have a question: if you create a groovy object in the first {{groovy}}, could you use it also in the {{include}} (if it basically contains also a {{groovy}} script) since you include the doc in current context?
I mean: are these 2 completely different groovy executions or do they share the same execution context?
Yes they'll share the same context.
Thanks
-Vincent
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
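As an added illustration (not XWiki code, and not from anyone in this thread), the model below sketches the two behaviours discussed: a deny-by-default executionRights check on a script macro that runs before any parsing, and the binding shared between an outer {{groovy}} macro and one reached through {{include}} with context="current". Every name here (MacroContext, run_groovy_macro, include_document, RIGHTS, the toy statement grammar) is hypothetical.

```python
"""Hypothetical model of an executionRights-gated script macro (added
example, not XWiki's implementation). Groovy is replaced by a toy language
of `name = operand [+ operand]` statements so the example runs offline."""
import re

# Constructed right ordering: a higher right implies the lower ones.
RIGHTS = {"view": 0, "edit": 1, "programming": 2}
STMT = re.compile(r"^(\w+)\s*=\s*(\w+)(?:\s*\+\s*(\w+))?$")


class MacroContext:
    """Execution context; `bindings` stands in for the Groovy binding."""
    def __init__(self, user, user_right):
        self.user, self.user_right = user, user_right
        self.bindings = {}


def _value(ctx, token):
    # Operands are integer literals or names already bound in the context.
    return int(token) if token.isdigit() else ctx.bindings[token]


def run_groovy_macro(ctx, script, executionRights="programming"):
    """Return ("denied", reason) or ("executed", bindings).

    The rights test runs before parsing, so a denied script is never even
    looked at: no parse cost, no execution, regardless of its contents."""
    if executionRights not in RIGHTS:
        return ("denied", f"unknown executionRights {executionRights!r}")
    if RIGHTS[ctx.user_right] < RIGHTS[executionRights]:
        return ("denied", f"{ctx.user} lacks {executionRights} right")
    for line in script.strip().splitlines():
        m = STMT.match(line.strip())
        if not m:
            raise SyntaxError(line)
        name, a, b = m.groups()
        ctx.bindings[name] = _value(ctx, a) + (_value(ctx, b) if b else 0)
    return ("executed", dict(ctx.bindings))


def include_document(ctx, doc, context="current", executionRights="programming"):
    """Run the groovy macro of an included document. With context="current"
    the outer bindings are shared (one execution context); any other value
    models a fresh, empty context in which outer names are not visible."""
    target = ctx if context == "current" else MacroContext(ctx.user, ctx.user_right)
    return run_groovy_macro(target, doc, executionRights)
```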