[GNC] Use of Webkit-GTK in GNC

John Ralls jralls at ceridwen.us
Mon May 18 23:00:04 EDT 2020



> On May 18, 2020, at 11:51 AM, Mark Sutton <mes at lazo.ca> wrote:
> 
> On Mon, May 18, 2020 at 10:48:12AM -0700, John Ralls wrote:
>> Don't hijack threads, it's rude. Start a new one when you have a new question.
>> 
>> OFX Direct Connect is just like importing an OFX or QFX file downloaded from your bank's website except that it will connect to the bank and get the OFX file for you.
> 
> I hope this does not seem like a hijack, but this discussion made me think
> I should ask a question that has been on my mind since Jan.
> What is the use profile of webkit in gnucash? I thought for some reason
> it only was used to render reports created by gnucash, i.e. never interacts
> with foreign data. Is that correct? I wonder because of remote exploit-ability
> of versions prior to 2.26.3.

At least you changed the subject line, but I don't see why you didn't just create a new message instead of replying to an unrelated one.

Yes, GnuCash uses webkit only for rendering reports and doesn't expose the WebKit API to scripting, though a bad actor with privs to install arbitrary files into a user's directory could get WebKit to read a maliciously installed file. On the other hand, if a bad actor has that kind of access to your machine there are probably less arcane ways to cause trouble.

Regards,
John Ralls


