[Ti] Alert FOR TIGER OWNERS
Justin R. Miller
incanus at codesorcery.net
Tue May 10 19:40:05 PDT 2005
On May 9, 2005, at 8:32 PM, Chris Olson wrote:
> I've been looking at ways to make a widget program execute a shell
> script and haven't come up with a way to do it yet. At this point
> I think the potential for anything devastating is quite small.
> It's more an annoyance than anything, AFAICT.
Check out the "widget.system" method in the Dashboard howto guide.
Lets you make system calls from JavaScript -- I was able to execute
Subversion accessing my on-disk cached authentication info when
writing my first widget. However, you need to "lay out your
intentions" in the Info.plist file when building a widget to
basically tell the system that you need net access, need system
access, need local file access, etc. I'm not sure where this
security later comes in to play, but you need to declare these
abilities in order to use them in the widgets so the potential is
there to have a utility (or the system) disallow widgets that try
certain things.
--
Justin R. Miller
incanus at codesorcery.net
More information about the Titanium
mailing list