vi
commented
11 years ago BTW is opening arbitrary HTML page with Enki really secure?
Maybe there should be an option to not display preview by default?
Closed vi closed 11 years ago
vi
commented
11 years ago BTW is opening arbitrary HTML page with Enki really secure?
Maybe there should be an option to not display preview by default?
andreikop
commented
11 years ago 100% CPU load is probably expected result, if you are a loading endless jpeg.
There always is trade-off between usability and security. If I disabled preview by default, users would not know, that it exists. Nobody reads manuals.
I would offer:
Alt+P).andreikop
commented
11 years ago You are probably using git version, but it has old version string.
I changed master branch version from 12.08.5 to git
vi
commented
11 years ago If I disabled preview by default, users would not know, that it exists. Nobody reads manuals.
So I told about the option to not display... I aggree with all I would offer: points.
executing any JS.
Enki automatically executing JS? Maybe QWebKit options should be avaliable from user space? At least "enable JS", "enable plugins", "local resources can request external data", "enable images", "enable animations"... I expect them to be, for example, in View->Preview Options->...
andreikop
commented
11 years ago "JS Enabled" is available. A checkbox on the preview widget.
andreikop
commented
11 years ago 1 2 3 done
Now I have Enki v.12.08.5 started (no files currently open, before that there were Python and html files opened) and it's eating 99% CPU. It consumes 200M of virtual memory and 50M of "RES".
With strace (apart from the storm of
gettimeofday,stat64,write,poll,read,recv,clock_gettime) I seeIt's because of there was html page with
<img src="http://127.0.0.1:4444/"opened. http://127.0.0.1:4444/ was mjpeg (endless jpeg frames) data.