Open clarkio opened 5 years ago
Heard on roberttables stream that there's concern of allowing people to open sensitive files if this feature auto opens the files viewers suggest. Just wanted to suggest possibly opening a VS Code notification with the filename and line number which may have an action in which you could choose to open that file from that notification. When you open the file you'll then see the highlighted line.
From @parithon on stream today: "Should it only be able to target files in open tabs?"
From @spatacoli on stream today: re: bringing focus to the specific file used for the highlight command "wouldn't that be annoying? you are typing code and all of a sudden you are typing in another file?"
I agree with this as it also could serve as a potential security risk if the file contains something sensitive such as API keys or passwords. Not automatically bringing the focus to the highlight in other files that are not currently in focus will help prevent this from happening.
You could have a general blacklist of files that we know commonly have secrets, then as suggested by @paulkling could optionally have an ignore file.
Could also only have the highlight show up in the highlight tree view kind of like the notification suggested by @douglas-mason, maybe a different color if the file is not in the active text editor with a click-thru action that opens the file... or even better, add to the context menu to open file so there is another layer protecting the streamer from accidentally opening.
Another option if the API allows it, highlight the file in the explorer tree view.
Burden will remain with the streamer to not just click and open the file but make sure it's a file they want to open.
This issue should reference existing issue #16 - Certain files should not be allowed for highlighting
Maybe .twichignore is too specific. Maybe a more generic name like: .sensitiveignore, .secretsignore, .highlightignore, something without a brand in it.
I'm leaning toward only including files that aren't ignored in gitignore and are in the workspace folder. I believe that would encompass the majority of the scenarios. We could keep track of additional files separate from gitignore but that would require an otherwise useless file in your source or another file that would become stale over time.
I agree, most things that have secrets in them you wouldn't be pushing to the repo, so I think using the gitignore would work fine.
May want to prevent some files from being included. May want to exclude secret files, or files that people might troll on. What would happen if someone tried to mark a line in an image?
Could this be pulled from .gitignore or .twichignore or some other file?
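
The rule proposed in the thread (only highlight files that are inside the workspace folder and not gitignored, plus a general list of files that commonly hold secrets) can be expressed as the check below. This is an added example, not code from the extension: `canHighlight`, `DEFAULT_DENY` and the sample `.gitignore` content are assumptions, and the matcher covers only a simplified subset of gitignore syntax (`*` and `?` globs, directory and rooted patterns; no `**`).

```javascript
// Added example, not the extension's code. Assumes viewer requests are
// workspace-relative paths and the .gitignore text has already been read.
const path = require("path");

// Constructed default denylist of names that commonly hold secrets.
const DEFAULT_DENY = [".env", "*.pem", "*.key", "secrets.json"];

// Translate a glob with * and ? into a RegExp that never crosses a "/".
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, "[^/]*").replace(/\?/g, "[^/]") + "$");
}

// Simplified subset of gitignore matching. "!" negations are skipped, so a
// file ignored by another rule stays denied; "**" is not handled.
function isIgnored(relPath, patterns) {
  const segments = relPath.split("/");
  return patterns.some((raw) => {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith("!")) return false;
    const dirOnly = line.endsWith("/");
    const glob = line.replace(/^\/+|\/+$/g, "");
    const re = globToRegExp(glob);
    const anchored = glob.includes("/"); // e.g. config/local.json
    return segments.some((segment, i) => {
      if (dirOnly && i === segments.length - 1) return false; // last part is the file
      return re.test(anchored ? segments.slice(0, i + 1).join("/") : segment);
    });
  });
}

// Returns { allowed, reason } for a filename taken from a chat command.
function canHighlight(requested, gitignoreText) {
  const rel = path.posix.normalize(requested.replace(/\\/g, "/"));
  const escapes = rel === ".." || rel.startsWith("../");
  if (path.posix.isAbsolute(rel) || /^[A-Za-z]:/.test(rel) || escapes) {
    return { allowed: false, reason: "outside workspace" };
  }
  if (isIgnored(rel, DEFAULT_DENY)) return { allowed: false, reason: "default denylist" };
  if (isIgnored(rel, gitignoreText.split(/\r?\n/))) return { allowed: false, reason: "gitignored" };
  return { allowed: true, reason: "ok" };
}

// Constructed sample .gitignore content.
const SAMPLE_GITIGNORE = "node_modules/\n*.log\nconfig/local.json\n!keep.log\n# notes";
```

A denied request can still be listed in the highlight tree view without opening the file, which keeps the final decision with the streamer.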