Comments (25)
And in online version, we will limit the url of the request, user can submit the api’s url that he/she wants us to enable. But these apis must be serviced by famous company or government like China Weather, but first of all, these apis’ owners must allow us to use their apis. If they don't allow it, we'll break the law.
from clipcc-gui.
From my point of view, it’s ok to add get/post extension in offline editor, but when the editor opens a project that uses external interaction extensions, it should give an alert to notify user that this project may be dangerous, then user can choose whether to disable external interaction function or enable it with limit.
from clipcc-gui.
It's not a good idea.
Someone may do the bad things before check.
from clipcc-gui.
It's not a good idea.
Someone may do the bad things before check.
My idea is that users only use it in the offline version without restrictions, the online version is restricted, which is similar to the aerfaying
from clipcc-gui.
It's not a good idea.
Someone may do the bad things before check.
Literally it is an unnecessary worry because every kinds of api all might have danger actions if anyone abuse it. So would you think std::ofstream
with for
statement in C++ is dangerous? Of course it can make huge numbers of files on your disk.
from clipcc-gui.
题如
为保证安全性可以仅开放离线编辑器使用,线上需要提前审批后使用
Well,
算了不写英文了,我的建议是在线时用户白名单过滤
from clipcc-gui.
题如
为保证安全性可以仅开放离线编辑器使用,线上需要提前审批后使用Well,
算了不写英文了,我的建议是在线时用户白名单过滤
What do you mean?
from clipcc-gui.
题如
为保证安全性可以直接开放离线编辑器使用,线上需要提前审批后使用好,
算了不写英文了,我的建议是在线时用户白名单过滤你什么意思?
I think API is not unnecessary,user can do it by theirself,why API?api will create risk.
from clipcc-gui.
。。。
我没说清楚吗
好吧,再说遍
在程序开始时:申请url(“https://www.baidu.com”,理由/作用)申请域名orIP(“baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时弹出提示显示url,data,由用户审批,而不是管理
from clipcc-gui.
也可以加入申请并发起请求
from clipcc-gui.
题如
为保证安全性可以直接开放离线编辑器使用,线上需要提前审批后使用好,
算了不写英文了,我的建议是在线时用户白名单过滤你什么意思?
I think API is not unnecessary,user can do it by theirself,why API?api will create risk.
But there are some APIs that cannot be created by Scratch, especially for online APIs
from clipcc-gui.
用户在自己的设置(离线:编辑器设置,在线:个人设置)可以设置全局的白名单
from clipcc-gui.
。。。
我没说清楚吗
好吧,再说遍
在程序开始时:申请url(“https://www.baidu.com”,理由/作用)申请域名orIP(“baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时弹出提示显示url,data,由用户审批,而不是管理
程序可以调用申请并发起请求临时请求权限
用户在自己的设置(离线:编辑器设置,在线:个人设置)可以设置全局的白名单,避免审批麻烦
from clipcc-gui.
题如
为保证安全性可以仅开放离线编辑器使用,线上需要提前审批后使用Well,
算了不写英文了,我的建议是在线时用户白名单过滤What do you mean?
。。。
我没说清楚吗
好吧,再说遍
在程序开始时:申请url(“https://www.baidu.com”,理由/作用)申请域名orIP(“baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时弹出提示显示url,data,由用户审批,而不是管理
程序可以调用申请并发起请求临时请求权限
用户在自己的设置(离线:编辑器设置,在线:个人设置)可以设置全局的白名单,避免审批麻烦
All right, say it again At the beginning of the program: apply for URL ("HTTPS://www.baidu.com", reason/role) apply for domain name ORIP ("baidu.com", reason/role) apply for full Internet access (reason/role) Then access is only allowed by the user, otherwise it fails. The user can also choose to step into one step, and when a request is initiated, a prompt will pop up to display url, data, which will be approved by the user instead of being managed. The program can call the application and initiate a request for temporary request permission. Users can set a global white list in their own settings (offline: editor settings, online: personal settings) to avoid approval trouble.
from clipcc-gui.
。。。
我没说清楚吗
好吧,再说遍
在程序开始时:申请url(“https://www.baidu.com”,理由/作用)申请域名orIP(“baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时弹出提示显示url,data,由用户审批,而不是管理
I think it's OK on the offline version. But to be honest, Most users cannot understand the specific meaning of these requests and understand their dangers. And this may cause legal disputes. I don’t think it’s a good idea to let users make their own choices
from clipcc-gui.
。。。
我没说清楚吗好吧
,再说遍
在程序开始时:申请url(“ https://www.baidu.com”,理由/作用)申请域名orIP(“ baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时提示提示显示网址,数据,由用户批准,而不是管理我认为离线版本还可以。但老实说,大多数用户无法理解这些请求的具体含义,也无法理解其危害。这可能会引起法律纠纷。
所以你可以做个警告啊。。。
from clipcc-gui.
。。。
我没说清楚吗好吧
,再说遍
在程序开始时:申请url(“ https://www.baidu.com”,理由/作用)申请域名orIP(“ baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时提示提示显示网址,数据,由用户批准,而不是管理我认为离线版本还可以。但老实说,大多数用户无法理解这些请求的具体含义,也无法理解其危害。这可能会引起法律纠纷。
所以你可以做个警告啊。。。
Read the comment again, plz
from clipcc-gui.
。。。
我没说清楚吗好吧
,再说遍
在程序开始时:申请url(“ https://www.baidu.com”,理由/作用)申请域名orIP(“ baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时提示提示显示网址,数据,由用户批准,而不是管理我认为离线版本还可以。但老实说,大多数用户无法理解这些请求的具体含义,也无法理解其危害。这可能会引起法律纠纷。我认为让用户做出自己的选择不是一个好主意
当访问到除管理员审批的白名单外的地址时,同意则进行二次确认,并展示用户协议,对未知风险不负责
When an address other than the white list approved by the administrator is accessed, the consent will be confirmed for the second time, and the user agreement will be displayed, thus the user is not responsible for the unknown risks.
from clipcc-gui.
。。。
我没说清楚吗好吧
,再说遍
在程序开始时:申请url(“ https://www.baidu.com”,理由/作用)申请域名orIP(“ baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时提示提示显示网址,数据,由用户批准,而不是管理我认为离线版本还可以。但老实说,大多数用户无法理解这些请求的具体含义,也无法理解其危害。这可能会引起法律纠纷。我认为让用户做出自己的选择不是一个好主意
当访问到除管理员审批的白名单外的地址时,同意则进行二次确认,并展示用户协议,对未知风险不负责
When an address other than the white list approved by the administrator is accessed, the consent will be confirmed for the second time, and the user agreement will be displayed, thus the user is not responsible for the unknown risks.
Please read the comment again
from clipcc-gui.
。。。
我没说清楚吗好吧
,再说遍
在程序开始时:申请url(“ https://www.baidu.com”,理由/作用)申请域名orIP(“ baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时提示提示显示网址,数据,由用户批准,而不是管理我认为离线版本还可以。但老实说,大多数用户无法理解这些请求的具体含义,也无法理解其危害。这可能会引起法律纠纷。我认为让用户做出自己的选择不是一个好主意
当访问到除管理员审批的白名单外的地址时,同意则进行二次确认,并展示用户协议,对未知风险不负责
When an address other than the white list approved by the administrator is accessed, the consent will be confirmed for the second time, and the user agreement will be displayed, thus the user is not responsible for the unknown risks.
The law cannot fail because of a prompt
是协议
from clipcc-gui.
易语言写病毒还不是无罪啊
from clipcc-gui.
And in online version, we will limit the url of the request, user can submit the api’s url that he/she wants us to enable. But these apis must be serviced by famous company or government like China Weather, but first of all, these apis’ owners must allow us to use their apis. If they don't allow it, we'll break the law.
That's a good idea i think. If user's community level > somethings, the user will have the right to commit to admins to add some urls to seafty urls list ( ?
from clipcc-gui.
。。。
我没说清楚吗好吧
,再说遍
在程序开始时:申请url(“ https://www.baidu.com”,理由/作用)申请域名orIP(“ baidu.com”,理由/作用)申请全互联网访问(理由/作用)
然后只有用户允许的才可以访问否则失败
用户也可以选择单步执行,当发起请求时提示提示显示网址,数据,由用户批准,而不是管理我认为离线版本还可以。但老实说,大多数用户无法理解这些请求的具体含义,也无法理解其危害。这可能会引起法律纠纷。
所以你可以做个警告啊。。。
Warnings are often ignored, just as you never read any user agreement.
from clipcc-gui.
HTTPIO now work in progress
from clipcc-gui.
已完成
from clipcc-gui.
Related Issues (20)
- canary金丝雀版本在执行某些操作后无法加载新作品 HOT 1
- 切换语言后编辑器扩展启用状态丢失 HOT 1
- 无法正常拖动积木到别的角色 HOT 1
- SVG编辑异常
- JSON 扩展对转义字符的转义 HOT 2
- bug:JSON扩展未能正确将 " 转义为 \" 放入项目中 HOT 1
- 搜尋 篩選功能
- 扩展搜索没法用 HOT 1
- 懸浮方塊提示功能
- 左侧积木栏宽度过窄
- 从已有标签页直接跳转到codingclip,会呈现未登录的状态 HOT 1
- 建议建立扩展审核申请区 HOT 1
- 手机端很难使用编辑器 HOT 1
- 部分scratch官方扩展不能直接在编辑器里加载 HOT 3
- 社区发现页的“小编推荐”部分不能正常翻页 HOT 1
- 16:9 预览站 - 造型(背景)页崩溃 HOT 1
- 移動端設備音頻加載失效
- 别针社区将代码闭源,违背 AGPL3 代码许可证 HOT 1
- 播放页列表全屏显示异常 HOT 1
- 移动角色时角色被无故隐藏
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clipcc-gui.