openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: [DISCUSS] Issue 125954 unhiding "hidden" content on e-mail send of document
Date Sun, 01 May 2016 23:56:27 GMT


> -----Original Message-----
> From: Carl Marcum [mailto:cmarcum@apache.org]
> Sent: Saturday, April 30, 2016 14:57
> To: dev@openoffice.apache.org
> Subject: Re: [DISCUSS] Issue 125954 unhiding "hidden" content on e-mail
> send of document
> 
> On 04/30/2016 05:07 PM, Kay Schenk wrote:
> > On Fri, Apr 29, 2016 at 3:53 PM, Dennis E. Hamilton
> <dennis.hamilton@acm.org
> >> wrote:
> >>> -----Original Message-----
> >>> From: Kay Schenk [mailto:kay.schenk@gmail.com]
> >>> Sent: Friday, April 29, 2016 13:28
> >>> To: dev@openoffice.apache.org
> >>> Subject: Re: [DISCUSS] Issue 125954 unhiding "hidden" content on e-
> mail
> >>> send of document
> >>>
> >>>
> >>>
> >>> On 04/26/2016 03:39 AM, Carl Marcum wrote:
> >> [ ... ]
> >>>> I think If there is one Email command, the user should then be
> >>> presented
> >>>> a choice. It could just be a choice of 2 buttons.
> >>>>
> >>>> The checkbox I was thinking of would be in a dialog after the email
> >>>> command was selected to include or remove hidden content prior to
> >>>> continuing.
> >>>>
> >>>> Thanks,
> >>>> Carl
> >>> The feedback is really appreciated.I haven't tested the patch yet.
> I'm
> >>> hoping to get to it soon.
> >>> In any case, what would anyone think about using the checkbox
> approach
> >>> but have it NOT saved with the document if that is possible. This
> way,
> >>> it would need to be rechecked each time it is needed, as opposed to
> >>> accidentally cause security issues.
> >> [orcmid]
> >>
> >> There's a little more forensic work at the issue itself now,
> >> <https://bz.apache.org/ooo/show_bug.cgi?id=125954>.
> >>
> > ​Yes, there has been and it is very interesting to say the least.
> Thanks
> > for the extensive testing on this.
> > 
> >
> >
> >> This can be done with a check box rather than two radio buttons.  If
> we
> >> take this route, which I feel works against the dominant community of
> >> casual users, the choice to remove hidden content should be pre-
> selected.
> >>
> >> Also, will this choice be required whether or not there is hidden
> >> content?  That can have its own usability and user-confidence
> consequences
> >> with respect to casual users and might still be an annoyance to
> expert
> >> users.
> >>
> >> This might be something worth polling the users@ list about.
> >>
> > ​I think that might be worthwhile. I don't really have any idea how
> often
> > "hidden content" is used in OpenOffice, or what users' expectations
> are
> > about it.
> > 
> 
> My experience with hidden content in an enterprise environment is that
> the hidden content is often "help" type information and should stay with
> the document as it is moved around the organization for review or
> approval.
> 
> Our wiki has many examples of such documents with this type of content
> that were the original specifications by Sun where they include a
> toolbar and macros for hide/unhide, add sections, etc. Removing this
> content will break this functionality.
> Here are a few examples:
> 
> http://www.openoffice.org/specs/ui_in_general/menus/Menus.odt
> http://www.openoffice.org/specs/appwide/packagemanager/simple_extension_
> license.odt
[orcmid] 

That's useful confirmation that this happens under expert-use conditions.  

Thank you.  

I am not clear what to make of this in regard to the question of Send > Document as E-mail
... preservation of hidden content though.

I just discovered an interesting security-related edge case.  Apache OpenOffice will provide
digital signatures on documents having hidden content.  LibreOffice 5.0.0 will reject those
signatures and it will fail to sign such documents itself.

I can't check myself.  My unverified theory is that if Apache OpenOffice accepts a request
to send such a signed document, it will probably break/remove the signature always but certainly
if it sends the document with hidden content removed.

I don't know how this informs any determination of resolution for the hidden-content stripping
situation.

> 
> Thanks,
> Carl
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message