<html>
<head>
<base href="https://bugs.documentfoundation.org/">
</head>
<body><span class="vcard"><a class="email" href="mailto:mikekaganski@hotmail.com" title="Mike Kaganski <mikekaganski@hotmail.com>"> <span class="fn">Mike Kaganski</span></a>
</span> changed
<a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED WONTFIX - Relative linked text sections should automatically read on document opening"
href="https://bugs.documentfoundation.org/show_bug.cgi?id=135508">bug 135508</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">CC</td>
<td>
</td>
<td>caolanm@redhat.com, sbergman@redhat.com
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED WONTFIX - Relative linked text sections should automatically read on document opening"
href="https://bugs.documentfoundation.org/show_bug.cgi?id=135508#c8">Comment # 8</a>
on <a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED WONTFIX - Relative linked text sections should automatically read on document opening"
href="https://bugs.documentfoundation.org/show_bug.cgi?id=135508">bug 135508</a>
from <span class="vcard"><a class="email" href="mailto:mikekaganski@hotmail.com" title="Mike Kaganski <mikekaganski@hotmail.com>"> <span class="fn">Mike Kaganski</span></a>
</span></b>
<pre>(In reply to S.Zosgornik from <a href="show_bug.cgi?id=135508#c7">comment #7</a>)
<span class="quote">> Again, you speak about documents with links to external SITES while I speak
> about locale files.</span >
I speak about local files, too. If you automatically open a local file linked
to currently opened local file, you are at risk.
<span class="quote">> LibreOffice isn't a web-browser nor an email-client. It
> can't open web-sites other than in plain-text and the only concern would be
> about external images that could track the users.</span >
Wrong. You perfectly can reference other ODFs or OOXMLs from e.g. WebDAV (i.e.,
"http:/...")
<span class="quote">> So I can totally agree to a secure setting to prevent LibO to open remote
> files. Similar to the security setting of disable macros by default.
>
> But the dialog says: "The document contains one or more links to external
> data. Would you like to change the document, and update all links to get the
> most recent data?" And even if you chose "No" will LibO include the data of
> the linked document, just not updated to the current version.</span >
The data is cached in the opened document, so LO does not need to fetch
anything from other files.
<span class="quote">> Sure. buffer-overrun attempts can happen, even on local files downloaded
> from the wrong source. But the right solution should be to ask the user to
> execute macro data and open remote files rather than urge him to confirm his
> own documents on every opening.</span >
LibreOffice has no way to know if that's your documents or not.
Maybe Caolan and Stephan have their opinion on this?</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>