add readme browser

[light-and-ray]

Info

https://github.com/light-and-ray/sd-webui-readme-browser This extension allows user to view readme files of extensions locally right inside sd-webui

Checklist:

• [x] I have read the Readme.md
• [x] The description is written in English.
• [x] The index.json and extension_template.json have not been modified.
• [x] The entry is placed in the extensions directory with the .json file extension.

[w-e-w]

tested extension works but I have some concerns

my main concern is external assets as it will access external resources if it's in readme so the online tag is required

but even with the online tag I think it's a good idea to have an option to not load external resources by default

similar to email services images hosted on github is "probably" fine, but any other assets should probably be guarded behind a checkbox or button

also links I think they should be a pop up warning users they're about to leave web UI I'm clicking on any external links

theres also the potential possibility of people embedding malicious JavaScript once they know such an extension like this exist

then again if some one wish to do harm it's much easier to directly write python code so this isn't really that big of a deal...

what do you think

---

btw I don't think you know this, I actually had the same exact idea but just didn't end up completing it, I called my version 'docs' my intention at the time was to first implement it as an extension and depends on the reception maybe implemented as a built-in extension, that's probably why I raise those concerns above

[light-and-ray]

so the online tag is required

Can be added. But the main feature is give access even if the user offline and this flag can confuse people But the description exists so no problem

but even with the online tag I think it's a good idea to have an option to not load external resources by default

I don't think so. Why? They don't sent any data e.g. prompts, models etc. Only ip and referer if the server is not local. Also it's hard to implement

theres also the potential possibility of people embedding malicious JavaScript

No. Markdown removes js code as I know. At least are erased, and I made a hack to get around it. And if the extension author left malicious js code inside their readme, they can left it right inside javascript/. They are authors. I don't load external md files

[light-and-ray]

images hosted on github is "probably" fine

Not fine, why people can't put them in repo XD I've made caching of them. Also have made for imgur, but it gives me Http 429 error 😵‍💫 I want to decrease numer of requests but they do the vice versa

[light-and-ray]

btw I don't think you know this, I actually had the same exact idea but just didn't end up completing it, I called my version 'docs'

I've made it for one day, so you extension should be much complicated. Also I think it's a very bed idea to add in webui directly because browsing readme and doc files for fun doesn't fit to it completly

[light-and-ray]

I know what can be really useful in webui. Convert github wiki into docs! https://github.com/AUTOMATIC1111/stable-diffusion-webui/wiki

I think your extension can be good! I think they, your and mine, have a bit different ideas. Maybe you want do make special docs for extensions and webui, parallel to readme files. And organize them all in one big tree or something similar 🎉

My extension is more for fun in development and browsing, and for rare cases when I don't have internet connections and want to read them. It's not a serious docs feature

[w-e-w]

so the online tag is required

Can be added. But the main feature is give access even if the user offline and this flag can confuse people But the description exists so no problem

if some is offline as in disconnected from the internet then they're most likely using web UI locally (they technically can be on a lan network running webui on another server) if using locally they might and need acaccess to the readme, they can open the readme directly on there PC without the extension and so they made advantage of extension is not offline access but more ease of use

but even with the online tag I think it's a good idea to have an option to not load external resources by default

I don't think so. Why? They don't sent any data e.g. prompts, models etc. Only ip and referer if the server is not local. Also it's hard to implement

but the reality is lots of people put images on GitHub which means those pages won't fully function offline from the couple pages I've test I already found lots of examples the most common ones connect to GitHub, but some connects to Buy Me a Coffee some of these external server can provide tracking functionality, the most benevolent is a view counter but in worst case they could be using gradio share and the browser decides to add a referral link in the request payload including the full URL of that share instance so someone can potentially access the link and gain access to their instance

I'm not entirely sure how this happens but I something like this happened in the past on GitHub repo traffic

some people wish to not connect to anything at all, I've seen people complaining about webui access Google fonts and stuff

tbh I think the majority of people that don't care about connecting to external service would probably just click the extension URL that takes them to get up on the extensions tab and the ones who are very sensitive about this probably have extra measures to prevent internet access

but the urrent online tag rule is essentially if a extension needs online access to function, aside from a few exceptions such as one time downloading of assets like modles not consequential of the checks to GitHub (generally regarded as "safe") or using PIP during install, then it needs the online tag in this case there is a chance of it requesting images from external source

in this case the extension may accessing external resources like images outside of users control during normal use, so it requires the online tag

currently the `online` tag it is not about if extension can function offline, it's more about if the extension will access online

I've considered introducing different levels of online tag, like, require online may access online one time completely offline but it's a lot of work

---

images hosted on github is "probably" fine

Not fine, why people can't put them in repo XD I've made caching of them. Also have made for imgur, but it gives me Http 429 error 😵‍💫 I want to decrease numer of requests but they do the vice versa

miscommunication what I meant by "fine" is from a security sensitivity standpoint since webui user are basically already using GitHub, and as far as I know GitHub does not allow access of the logs on who are accessing which files

---

Also I think it's a very bed idea to add in webui directly because browsing readme and doc files for fun doesn't fit to it completly

you miss the next sentence

"depends" on the reception maybe implemented as a built-in extension

[light-and-ray]

but in worst case they could be using gradio share and the browser decides to add a referral link in the request payload including the full URL of that share instance so someone can potentially access the link and gain access to their instance

I saw these share links in GitHub statistics. Fortunately almost all don't work. But it's really the worse what can heppen

It's called referer. By default browsers send fur referer inside one domain, between domains it sends only server address, not full url. It can be force disabled in html head section. I can make a PR to disable them globally in webui

[light-and-ray]

in this case the extension may accessing external resources like images outside of users control during normal use, so it requires the online tag

I agree, online tag is here

[light-and-ray]

But it's really the worse what can heppen

Fortunatly no! gr.Markdown automaticlly makes all links with this tab, look the html code: rel="noopener noreferrer" 🎉

So we need only to add this into extension tabs (Installed and Avaliable). Readme browser is already save, thanks gr.Markdown