[texworks] Scripting updates

Stefan Löffler st.loeffler at gmail.com
Mon Nov 29 08:19:00 CET 2010


recently, I've committed some changes concerning script security and
file access in scripting. In particular, the following changes were made:
 * Use of scripting plugins (i.e., lua and python bindings) are now
configurable via the preferences dialog and are *disabled* by default;
the reason for this is twofold: on the one hand, these scripting
languages are very powerful - they can easily bypass any security
restrictions Tw enforces - and thus potentially unsafe for the average
user unaware of the peculiarities of these languages; and on the other
hand, I haven't seen these widely adopted yet (the users that are out
there can easily enable plugins support).
 * Write access for scripts; again, this is configurable in the
preferences dialog and turned off by default for security reasons. BTW:
writing is performed in utf8 encoded text-mode.

Read access will be changed as well, but there are still a few details
to work out first.

Please test if you can, and tell me if something doesn't work as
expected with these changes (no need to retest all the other stuff that
hasn't changed ;)). Or if you can imagine/find any security loop-hole
I've overlooked.


More information about the texworks mailing list