Read-only mode: security properties
Björn Ruytenberg
bjorn.lo at bjornweb.nl
Wed Jun 7 19:13:52 UTC 2017
Hello,
Having read through some of the LO documentation [1] and bug 80538 [2],
it is my understanding LO's read-only mode is intended to prevent
document edits.
Particularly interesting to me is its intended purpose regarding
security. In Microsoft Office, the "Protected View" sandbox prevents any
active content from being loaded [3], e.g.
- Embedded ActiveX/COM controls
- Hyperlinks (i.e. these are not clickable)
- VBA macros
One case in which the Office "Protected View" is triggered is when
opening a document downloaded from a remote server. The user may then
decide to disable the sandbox by clicking "Edit document".
In LibreOffice, the same use case appears to trigger "read-only" mode,
also while showing an "Edit document" button. This would seem to suggest
similar behavior to "Protected View", in that some protections may be
provided. Unfortunately, I have not been able to find any LO
documentation to confirm this. Can anyone give me some pointers and/or
indicate where I could read up on this topic?
Thanks!
Kind regards,
Björn Ruytenberg
[1] https://wiki.documentfoundation.org/Faq/General/143
[2] https://bugs.documentfoundation.org/show_bug.cgi?id=80538
[3] https://technet.microsoft.com/en-us/library/ee857087.aspx