See also: SecurityHandling in tiddlyspace
TiddlySpace as it is currently arranged contains multiple vectors by which a mischievous person could inject executable code into another user's browser session. This follows inevitably from the fact that TiddlySpace is explicitly a system designed to allow trusted decentralised groups to share JavaScript code.
In mitigation, TiddlySpace is equally clearly a publishing system to help people share information, and not a system designed to securely keep secrets. TiddlyWiki itself is anyway already uniquely placed to allow individuals to manage personal information as securely as they can manage any file.
The most important vectors for malicious code are consequences of intentional features of TiddlyWiki:
- Evaluated macro parameters
- Plugins
- MarkupPreHead, MarkupPostHead, MarkupPreBody, MarkupPostBody tiddlers
- <HTML> blocks containing JavaScript
- Stylesheets containing JavaScript
In partial compensation for the removal of useful features, I propose that we add core support for Safe Scripted Transclusions. We also need to take Social Measures for Information Security in TiddlySpace.
Another potential defence would be to allow users to choose different degrees of being logged in. In the safe modes private tiddlers would be readable, but not modifiable. Modification attempts in safe mode should be logged on the server so that users can see the potential impact of trusting code.
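A sketch of the "degrees of being logged in" idea above, as an added example and not TiddlySpace or TiddlyWeb code. The mode names, the single-owner permission model, and the request and tiddler fields are all assumptions made for illustration; the check is modelled as running on the server, where the refused writes are recorded.

```javascript
// Hypothetical login degrees; these names are not from TiddlySpace.
const MODES = Object.freeze({ ANONYMOUS: 0, SAFE: 1, FULL: 2 });
const WRITE_METHODS = new Set(["PUT", "POST", "DELETE"]);

// Server-side record of writes refused in safe mode, for later review by the user.
const blockedWrites = [];

// Decide whether a request may proceed under the session's login degree.
// Assumption: each tiddler has exactly one owner, and only the owner may write.
function authorize(session, request, tiddler) {
  const isOwner =
    session.mode !== MODES.ANONYMOUS && session.user === tiddler.owner;

  if (!WRITE_METHODS.has(request.method)) {
    // Reads: public tiddlers for anyone, private ones for the owner
    // in either SAFE or FULL mode.
    return { allowed: !tiddler.private || isOwner, logged: false };
  }
  if (isOwner && session.mode === MODES.FULL) {
    return { allowed: true, logged: false };
  }
  if (isOwner && session.mode === MODES.SAFE) {
    // Refuse the write but keep a record, so the user can see what
    // code running in their session tried to change.
    blockedWrites.push({
      user: session.user,
      method: request.method,
      title: tiddler.title,
      origin: request.origin, // constructed field: space whose code was running
      at: request.time,
    });
    return { allowed: false, logged: true };
  }
  return { allowed: false, logged: false };
}

function blockedWritesFor(user) {
  return blockedWrites.filter((entry) => entry.user === user);
}

// Constructed sample: the same user in safe mode, then in full mode.
function demo() {
  const diary = { title: "Diary", owner: "alice", private: true };
  const safe = { user: "alice", mode: MODES.SAFE };
  const full = { user: "alice", mode: MODES.FULL };
  const write = { method: "PUT", origin: "shared-space", time: 1 };
  return [
    authorize(safe, { method: "GET" }, diary), // private read allowed
    authorize(safe, write, diary),             // refused and logged
    authorize(full, write, diary),             // allowed
  ];
}
```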