<div dir="ltr">Just in case an example is required, hot off the press... <div><br></div><div><a href="https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/">https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/</a><br></div><div><br></div><div>-mb</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 31, 2019 at 12:02 PM Michael Butash <<a href="mailto:michael@butash.net">michael@butash.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Keep in mind, what you're asking to do (I think) is essentially allowing html and hosted files to transcend the browser to open files in the os and launch a file with a given application, with whatever consequences there are in doing so.<div><br></div><div>Think about the security implications of this. Microsoft thought this would be the shiznit with ActiveX 20+ years ago, and then everyone exploited it to death to introduce drive-by infections for the next couple decades. Embed some obfuscated powershell (or whatever is currently in vogue) in an office file, download, launch, and voila! Exploit. This is still how most phishers and malwares get in via email or http links, thanks microsoft. Same with CD/Flash-based autorun - another very bad idea that presumes far too much trust in what it's executing.</div><div><br></div><div>This presumes the end-application is exploitable (which you just presume as course with microsoft), but these sorts of methods are almost always exploited despite the os, even linux likely. Why Java and Flash made such a great malware runtime engine for 25 years, not to mention windoze itself with IE/ActiveX.</div><div><br></div><div>Better off looking at using some sort of server-side html5 text editing application, ala google sheet or like, and keep it server-side vs. trying to bring it into local executable space on your os. Or as mentioned, just URI launch a local text-editor, and know you'll have to re-upload an updated version one way or another.</div><div><br></div><div>Maybe misinterpretation of what you're trying to achieve, but sounds dubiously bad (which I think we're all saying). As ET mentioned, maybe just being poorly described what you are trying to accomplish.</div><div><br></div><div>-mb</div><div><br><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 31, 2019 at 11:38 AM <<a href="mailto:kitepilot@kitepilot.com" target="_blank">kitepilot@kitepilot.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">As Stephen said: no.<br>
With the short answer out of the way, and excluding the complicated overhead <br>
to setup such an environment just for that, your question begs another <br>
question:<br>
What are you trying to accomplishing?<br>
I looks to me more like you are asking the wrong (and probably confused) <br>
question than having an esotheric problem. :)<br>
ET <br>
<br>
<br>
Stephen Partington writes: <br>
<br>
> HTML? no. Javascript? possible. Most of the web is really designed to not<br>
> allow this. There are some powerful JS writers, LibreOffice in the web and<br>
> more. <br>
> <br>
> On Fri, May 31, 2019 at 10:16 AM Joe Lowder <<a href="mailto:joe@actionline.com" target="_blank">joe@actionline.com</a>> wrote: <br>
> <br>
>> Is it possible to write (the simplest possible)<br>
>> html code that will open a text file from a simple<br>
>> menu entry using the 'kwrite' editor ... that will<br>
>> allow me to write and edit in a pre-named text file<br>
>> and save the changes? <br>
>><br>
>> I do this now from the command line: <br>
>><br>
>> $ kwrite filename <E> <br>
>><br>
>> But I would like to be able to do it by simply<br>
>> clicking on an entry in a simple html menu. <br>
>><br>
>> These attempts do not work:<br>
>> <li><a href=file:/home/joe/notes>open notes text file</a><br>
>> <li><a href="exec kwrite notes">open notes with kwrite</a><br>
>> <li><a href="exec /usr/bin/kwrite notes">open notes with exec</a> <br>
>><br>
>> <br>
>><br>
>> ---------------------------------------------------<br>
>> PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
>> To subscribe, unsubscribe, or to change your mail settings:<br>
>> <a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br>
> <br>
> <br>
> <br>
> -- <br>
> A mouse trap, placed on top of your alarm clock, will prevent you from<br>
> rolling over and going back to sleep after you hit the snooze button. <br>
> <br>
> Stephen<br>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote></div>
</blockquote></div>