Bug 30302 - Would like Support for Bookmarklets
Summary: Would like Support for Bookmarklets
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: bookmarks (show other bugs)
Version: unspecified
Platform: Debian testing Linux
: NOR wishlist
Target Milestone: ---
Assignee: lypanov
URL:
Keywords:
: 28150 34023 56453 57410 65831 (view as bug list)
Depends on:
Blocks:
 
Reported: 2001-08-05 18:03 UTC by alsbergt
Modified: 2011-05-03 17:05 UTC (History)
11 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments
javascript.sh (386 bytes, application/x-shellscript)
2005-01-28 03:00 UTC, Jason Keirstead
Details
javascript.protocol (199 bytes, text/plain)
2005-01-28 03:00 UTC, Jason Keirstead
Details

Note You need to log in before you can comment on or make changes to this bug.
Description alsbergt 2001-08-05 18:00:41 UTC
(*** This bug was imported into bugs.kde.org ***)

Package:           keditbookmarks
Version:           unknown (using KDE 2.1.2 )
Severity:          wishlist
Installed from:    Debian Package 4:2.1.2-3 (testing/unstable)
Compiler:          gcc version 2.95.4 20010522 (Debian prerelease)
OS:                Linux
OS/Compiler notes: Linux kernel 2.4.6 Debian woody

  It would be nice to have support for Bookmarklets in Konqueror such as the ones available at http://www.bookmraklets.com/. Bookmarklets are bookmarks with URI type "javascript" which should execute the JavaScript code in the URI when visited.
  Bookmarklets are useful for various actions on the current page like sending the page's URL to an HTML validator or mark something in the page or send some text in the page to a search engine's query or sending the page's URL to a search engine's "related pages" query. As well as pop up some Javascript message/dialog boxes and process the input to generate some page or send to some other URL.
  Of course bookmarklets are mostly useful in the bookmarks toolbar so they should be supported there.

(Submitted via bugs.kde.org)
(Called from KBugReport dialog. Fields OS manually changed)
Comment 1 lypanov 2002-10-23 12:31:31 UTC
*** Bug 34023 has been marked as a duplicate of this bug. ***
Comment 2 lypanov 2002-10-23 12:34:23 UTC
*** Bug 28150 has been marked as a duplicate of this bug. ***
Comment 3 lypanov 2002-10-23 17:30:52 UTC
low priority as this is quite difficult.  
but i've got some ideas for how to do it :)  
Comment 4 lypanov 2003-02-21 14:10:26 UTC
done in latest cvs though you'll need to use keditbookmarks to add the 
bookmarks currently as konqueror doesn't allow you to add them even 
after executing them itself :) 
 
if you find any bookmarklets that don't work then please add the testcases  
to this bug report and i'll try to get them working. 
 
thanks for the input! 
Alex 
Comment 5 lypanov 2003-02-25 13:25:52 UTC
due to security problems with bookmarklets and the  
lack of time that i've got to do the research required 
to make them secure i've disabled the feature and 
re-opened the bug. 
 
Alex 
Comment 6 lypanov 2003-03-02 10:40:42 UTC
ok, given that 8 people have voted for this i've
given time to a new way of doing bookmarklets.
in the tools menu i'll add a small submenu called
mini-tools, related to that menu will be a minitoolsrc
file in .kde/share/config, here lines of javascript can
be typed in to provide you with javascriptlets. 
if you have any nice bookmarklets _please_ add 
them to this bug report. otherwise i'll not even bother
as konqi _has_ to come with a good set of mini-tools.
Alex
Comment 7 Ludo 2003-03-02 12:24:25 UTC
Some bookmarklets which I think might be helpful:

From http://www.bookmarklets.com/tools/data/index.phtml :
Page Freshness? - this can be useful to know if a project is still being maintained
Statusbar Shows URL - some irritating websites don't show the URL, but some text
like the page's title in the statusbar. This is extremely annoying IMHO

http://www.bookmarklets.com/tools/look/index.phtml :
these are all ways to easily modify the pages bg color, disable bg image, change
text color,...
a lot of sites have colors which don't go together well - at all - and makes
reading painful.
Page Color... - asks for a bg color
Page Color to White - the name says it all
Text Color... - this one is an alternative to the two above, and changes the
text color instead of the bg image.
Remove Background Image - sometimes it's not the bg color, but the bg image
which is annoying...
Hide All Images - if images are used only for decoration and take a long time to
load
Hide 468 x 60 Banners - this can be extremely useful, especially on sites owned
by internet.com ;-)
Text Font to Verdana - to modify some crappy fonts
Text Font to Arial - same as above of course
Comment 8 Rene Horn 2003-03-26 11:24:27 UTC
This sounds like a nice feature, but I would highly recommend limiting the capabilities of 
bookmarklets, and somehow giving people the choice of elevating a bookmarklet's privileges if it 
requires it.  This sounds like a potential security hazard if not properly handled. 
Comment 9 lypanov 2003-03-26 12:24:23 UTC
Subject: Re:  Would like Support for Bookmarklets

On Wed, Mar 26, 2003 at 10:24:30AM -0000, Rene Horn wrote:
> This sounds like a nice feature, but I would highly recommend limiting the capabilities of 
> bookmarklets, and somehow giving people the choice of elevating a bookmarklet's privileges if it 
> requires it.  This sounds like a potential security hazard if not properly handled.

(rene, this isn't really aimed at you, so don't
 take it too personally, its a generic comment)

this would require waaay too much programming
effort for something that is basically pointless
i'm getting close to the point of simply closing
this bug with a "wontfix" and doing so any time
bookmarklets are suggested in the future.

i shall do the minitools applet tonight, if 
there are any complaints about security problems 
or reverts of my commit i will simply remove all 
further such wishlist items unless they contain 
patches.

mvg,
Alex

Comment 10 Ismail Donmez 2003-03-26 19:40:22 UTC
Isn't JavaScript in general contains security problems ? There are many things in *nix world that 
can be have a security problem ( su,apache,ssh etc ) but thats not enough reason to remove 
them. 
Comment 11 Jason Keirstead 2003-03-26 19:54:05 UTC
I don't really see any security issues with regards ot this at all. JavaScript has no file 
I/O or network I/O on your machine, the only data it can ever access is cookie files. 
And because scriptlets have no domain, they could not access any cookies either. 
So what is the security problem? 
Comment 12 lypanov 2003-03-26 19:59:45 UTC
Subject: Re:  Would like Support for Bookmarklets

On Wed, Mar 26, 2003 at 06:54:06PM -0000, Jason Keirstead wrote:
> I don't really see any security issues with regards ot this at all. JavaScript has no file 
> I/O or network I/O on your machine, the only data it can ever access is cookie files. 
> And because scriptlets have no domain, they could not access any cookies either. 
> So what is the security problem?

the current page is entirely accessable through js.
without this ability bookmarklets are useless, and
with it they pose a security risk. of course, its
the users fault imo if they use a bookmarklet that
they are not sure of, but...

Alex

Comment 13 Jason Keirstead 2003-03-26 20:08:16 UTC
Well IMO this is common sense. A bookmarklet is locally stored, it should be no 
different from a shell script in your home directory when it comes to permissions.  
Just as you can have a danerous shell script, so could you have a dangerous 
bookmarklet. Its not like websites can auto-install them. 
Comment 14 lypanov 2003-03-26 20:24:01 UTC
Subject: Re:  Would like Support for Bookmarklets

On Wed, Mar 26, 2003 at 07:08:17PM -0000, Jason Keirstead wrote:
> Well IMO this is common sense. A bookmarklet is locally stored, it should be no 
> different from a shell script in your home directory when it comes to permissions.  
> Just as you can have a danerous shell script, so could you have a dangerous 
> bookmarklet. Its not like websites can auto-install them.

true. thats one thing that having them in mini-tools
menu as opposed to just having them in the bookmarks 
menu itself really helps on.

Alex

Comment 15 Maksim Orlovich 2003-03-27 04:06:39 UTC
*** Bug 56453 has been marked as a duplicate of this bug. ***
Comment 16 Ismail Donmez 2003-03-27 06:21:47 UTC
IE is a good example of evil javascript just search securityfocus ;) 
Comment 17 Jason Keirstead 2003-03-27 06:32:06 UTC
The only reason JS has had so many security problems in IE is that they allow people 
to insantiate ActiveX objects from JS if the script is run in a "secure zone", and 
ActiveX objects pretty much can get full access to anything. All the holes in IE revolve 
around hacking around the "secure zone" so you can do activex junk in an insecure 
zone... the reality is there is no need for any of the ActiveX junk in the first place and 
they never should have allowed this. 
Comment 18 Ismail Donmez 2003-03-27 08:39:35 UTC
This discussion gets out of bookmarklet topic so sorry for that but check : 
 
http://www.guninski.com/navan-desc.html 
http://www.greymagic.com/adv/gm012-ie/ 
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00115.html 
 
There are many more and need no ActiveX which is real security headache btw. And if you do 
not add a bookmarklet yourself you have no security problem ( existent or non-existent ones ) . 
 
Let this message be the last out-of-topic message on this bug btw. Feel free to mail me for 
personal discussion. 
Comment 19 Datschge 2003-03-30 16:33:33 UTC
Back to the topic.

> Well IMO this is common sense. A bookmarklet is locally stored, it should be no
> different from a shell script in your home directory when it comes to permissions.
> Just as you can have a danerous shell script, so could you have a dangerous
> bookmarklet. Its not like websites can auto-install them.

I fully agree and think we should give this feature at least a chance. If it's
in a public release once and people the find hundreds of ways how to abuse
bookmarklets to breach security even though it can't be accessed and added by
websites, can't access any I/O etc. then we can still remove it again. Afaics
this is technically impossible so I suggest either adding this feature or
proving us wrong.
Comment 20 lypanov 2003-03-31 18:32:24 UTC
now in cvs: kdeaddons/konq-plugins/minitools 
could you if possible please send me your magical 
minitools bookmarks files when you get a good set  
of bookmarklets that work with this?,  
 
if any javascript in bookmarks doesn't work, simply 
add them as comments to this bug and i'll look into  
fixing them. 
 
thanks, 
Alex 
Comment 21 Maksim Orlovich 2003-04-18 15:31:37 UTC
*** Bug 57410 has been marked as a duplicate of this bug. ***
Comment 22 Riku Voipio 2003-06-15 16:14:15 UTC
From: 
http://www.squarefree.com/bookmarklets/webdevel.html 
 
for example the "ancestors" bookmarklet works perfectly when clicked on 
the page, but when clicked from bookmarks konqueror tries to search the 
javacript: link on google. 
 
Also, I've got overaddicted to the "edit styles" bookmarklet on the same page, 
atough I guess that supporting the the mozilla-specific XMLHttpRequest could 
be too much of work compared to gains. 
 
Other highly usefull bookmarklets from the same site: 
 
"show_hiddens" and "undisable" from forms section 
"increment/decrement" from misc 
"linkify" in log analysis (usefull for viewing any text file..) 
Comment 23 Ismail Donmez 2003-06-15 16:51:10 UTC
Subject: Re:  Would like Support for Bookmarklets

On Sunday 15 June 2003 17:14, riku.voipio@iki.fi wrote:

> ------- Additional Comments From nchip@kos.to  2003-06-15 16:14 -------
> From:
> http://www.squarefree.com/bookmarklets/webdevel.html
>
> for example the "ancestors" bookmarklet works perfectly when clicked on
> the page, but when clicked from bookmarks konqueror tries to search the
> javacript: link on google.
>

This bug is closed please open another bug report for this.

Comment 24 Maksim Orlovich 2003-10-11 01:09:24 UTC
*** Bug 65831 has been marked as a duplicate of this bug. ***
Comment 25 Mathias Homann 2003-10-11 01:21:16 UTC
 On Sunday 15 June 2003 17:14, riku.voipio@iki.fi wrote:  
  
 > ------- Additional Comments From nchip@kos.to 2003-06-15 16:14 -------  
 > From:  
 > http://www.squarefree.com/bookmarklets/webdevel.html  
 >  
 > for example the "ancestors" bookmarklet works perfectly when clicked on  
 > the page, but when clicked from bookmarks konqueror tries to search the  
 > javacript: link on google.  
 >  
  
 This bug is closed please open another bug report for this.  
  
  
 ... that i just did. which got immediately closed being a dublicate of this 
one. 
 
Comment 26 Maksim Orlovich 2003-10-11 01:33:33 UTC
That script works as it should in HEAD (development version) using the minitools 
bookmarklet plugin (note: that not being done through the bookmarks menu is by 
design) 
 
Comment 27 jpschewe 2003-11-29 18:32:15 UTC
Another really handy use for this feature is for sites like Backflip, http://www.backflip.com.  They have a piece of javascript that you add to your links bar that allows you to bookmark the current page and store that bookmark on their site.
Comment 28 Oded Arbel 2003-12-30 11:35:55 UTC
I think it would be much more useful if bookmarklets can be entered in the location bar and saved in normal bookmarks - **like in any other browser**.
Comment 29 lypanov 2003-12-30 11:48:23 UTC
Subject: Re:  Would like Support for Bookmarklets

On Tue, Dec 30, 2003 at 10:35:59AM -0000, Oded Arbel wrote:
> I think it would be much more useful if bookmarklets can be entered in the location bar and saved in normal bookmarks - **like in any other browser**.

sorry i'm afraid i disagree due to the security concerns.
feel free to post a patch which enables this and adds sandbox
levels to kjs.

Alex

Comment 30 Oded Arbel 2003-12-30 14:44:20 UTC
Subject: Re:  Would like Support for Bookmarklets

ביום שלישי 30 דצמבר 2003, 12:48, נכתב על ידי lypanov@kde.org:
> On Tue, Dec 30, 2003 at 10:35:59AM -0000, Oded Arbel wrote:
> > I think it would be much more useful if bookmarklets can be entered in
> > the location bar and saved in normal bookmarks - **like in any other
> > browser**.
>
> sorry i'm afraid i disagree due to the security concerns.
> feel free to post a patch which enables this and adds sandbox
> levels to kjs.

Why would this be a security issue ? what the difference between the 
mini-tools and just storing bookmarklets directly into the regular bookmark 
file ?

And what about directly typing in the location bar ? surely you can't argue 
that this is a security issue ? if the user types 
javascript:rm / -rf
(if that was possible in javascript), then I think konqueror should joyfully 
oblige and remove the user's entire file system.

Comment 31 lypanov 2003-12-30 15:01:43 UTC
Subject: Re:  Would like Support for Bookmarklets

On Tue, Dec 30, 2003 at 01:44:22PM -0000, Oded Arbel wrote:
> Why would this be a security issue ? what the difference between the 
> mini-tools and just storing bookmarklets directly into the regular bookmark 
> file ?

1) mini-tools file has to be editing to add bookmarks.
adds a level of indirection that ain't nice to advanced
users. 2) it stops the possibility that people will
execute javascript: urls without being aware of it.

Alex

Comment 32 oded 2003-12-30 15:11:40 UTC
Subject: Re:  Would like Support for Bookmarklets

On Tuesday 30 December 2003 16:01, lypanov@kde.org wrote:
> > Why would this be a security issue ? what the difference between the
> > mini-tools and just storing bookmarklets directly into the regular
> > bookmark file ?
>
> 1) mini-tools file has to be editing to add bookmarks.
> adds a level of indirection that ain't nice to advanced
> users. 

Thats what I consider a problem. its not a huge problem as it uses the same 
editor as the normal bookmark editor, but it's be nice to have everything in 
the same place and regular bookmarks are more accessable due to the bookmark 
toolbar. 
for example I have a bookmarklet that runs babylon.com to translate words that 
I select in a web page. having this as a button on the toolbar is three times 
more useful then clicking "tools"->"mini-tools"->"translate" everytime.

You seem to imply that bookmarklets by nature are dangerous, a concern I do 
not understand. why are these more dangerours then regular javascript being 
run on a web page ? IMO there are less so as the user has to manually add 
them and then manually invoke them while regular javascripts do not have 
these limitations.

> 2) it stops the possibility that people will 
> execute javascript: urls without being aware of it.

I again fail to see how is that different then having javascripts active in a 
web page. bookmarklets are even more secure then those.
If you are refering to the ability to type "javascript:" commands on the 
location bar then I fail to see how a user can do that w/o being aware of it.

Comment 33 Roland Seuhs 2003-12-30 17:45:48 UTC
> 1) mini-tools file has to be editing to add bookmarks. 
> adds a level of indirection that ain't nice to advanced 
> users. 

How can this be considered an advantage?
 
> 2) it stops the possibility that people will 
> execute javascript: urls without being aware of it.

Since any random website can contain Javascript, I fail to see how that increases security in any way. Also I fail to see how an attacker could possibly benefit from that. If an attacker creates some "bad" bookmarklet and hopes the user installs and runs it, it doesn't make any difference wether the bookmarklet is in "minitools" or not. Also the attacker can run the bad Javascript as soon as the victim is on his website, I don't see the point in going the bookmarklet-route at all.

If awareness of javascript URLs is important, why not do the obvious and mark them as such (With a special icon for example - or a "js:" prefix) or pop up a "This is a javascript URL you are trying to start" but please include a "never show me this again"-checkbox.


 
Comment 34 lypanov 2003-12-30 18:41:28 UTC
Subject: Re:  Would like Support for Bookmarklets

On Tue, Dec 30, 2003 at 04:45:51PM -0000, Roland Seuhs wrote:
> Since any random website can contain Javascript, I fail to see how
> that increases security in any way. Also I fail to see how an attacker
> could possibly benefit from that. If an attacker creates some "bad"
> bookmarklet and hopes the user installs and runs it, it doesn't make
> any difference wether the bookmarklet is in "minitools" or not. Also
> the attacker can run the bad Javascript as soon as the victim is on
> his website, I don't see the point in going the bookmarklet-route at
> all.

but not on someone elses site. a minitool otoh. 
could steal credit card from the current page.

Alex

Comment 35 Oded Arbel 2003-12-30 20:47:34 UTC
Subject: Re:  Would like Support for Bookmarklets

ביום שלישי 30 דצמבר 2003, 19:41, נכתב על ידי lypanov@kde.org:
> but not on someone elses site. a minitool otoh.
> could steal credit card from the current page.

Supposedly so, but the user would still have to manually install the "steal 
credit card" bookmarklet and then manually invoke the untrusted script. and 
they still can do it with the mini-tools interface, which just makes it two 
more click to install and two more clicks to run.

I don't accept that this is cause enough to add the extra complexity to 
everyone on the off case that someone would be stupid enough to do the above 
mentioned steps.

I don't see any difference between a malicous bookmarklet and someone putting 
a keyboard sniffer or a back door program on their site with the title 
"install me". the users shouldn't be so stupid to install untrusted code w/o 
examining it, and if they do its not our fault.

Comment 36 lypanov 2003-12-30 21:23:57 UTC
Subject: Re:  Would like Support for Bookmarklets

On Tue, Dec 30, 2003 at 07:47:35PM -0000, Oded Arbel wrote:
> I don't see any difference between a malicous bookmarklet and someone putting 
> a keyboard sniffer or a back door program on their site with the title 
> "install me". the users shouldn't be so stupid to install untrusted code w/o 
> examining it, and if they do its not our fault.

sorry but this is just flawed thought the user should not have to
inspect urls that they add to the bookmarks file.

if you want it so much please submit a patch and convince the 
other konqueror developers to accept it. i won't do so as i have
no interest whatsoever in bookmarklets and i've added
the basic on peoples request already.

mvg,
Alex

Comment 37 Oded Arbel 2003-12-30 21:55:24 UTC
Subject: Re:  Would like Support for Bookmarklets

> sorry but this is just flawed thought the user should not have to
> inspect urls that they add to the bookmarks file.

I understand but I think it not different then other scenarios where user has 
to show some smarts.

> if you want it so much please submit a patch and convince the
> other konqueror developers to accept it. i won't do so as i have
> no interest whatsoever in bookmarklets and i've added
> the basic on peoples request already.

Ok. Thanks for all the work you've done, and for patiently putting up with 
me :-)

I'll see what I can do about a patch to get the behavior I want before 
approaching this bug again.

Comment 38 Jason Keirstead 2004-01-02 15:42:02 UTC
The main thing I find extremely annoying and lacking in the current bookmarklets support is how out of line it is with the other browsers. In Mozilla or IE you can go to a site like http://www.bookmarklets.com or http://www.google.ca/options/buttons.html and just drag the bookmarklet to your toolbar, boom, you have a nice functional button. Or, you can just right click the link and "Add Bookmark".

In Konqueror you can't do either; you have to right click, copy location, launch mini tools editor, paste it in, etc. And there is *no* way at all to add a browser button.

This causes problems in two ways. One, it makes it totally inapparant to the new user how they are supposed to add these bookmarklets, so much so that they'd likely think Konqueror doesn't support them. Two, not having the ability to create a browser button enliminates much of the convience of bookmarklets.

Really, I totally agree with Oded in that I do not see any security-related reason that JS bookmarks should be restricted; the user has to manually add them, and then has to manually activate them, if they are doing this without checking for possible security holes that is their problem. 

A good compromise (much better than this mini-tools boondoggle) would be to simply prompt with a Continue / Cancel warning dialog (with a "Do not ask me this again" checkbox) when the user tries to bookmark a javascript: link, and if they click "Continue" then  add it to normal bookmarks ( or the toolbar if they dragged it there ). This fixes all the issues I just outlined and also alerts the user to possible security concerns.
Comment 39 lypanov 2004-01-02 15:57:01 UTC
Subject: Re:  Would like Support for Bookmarklets

On Fri, Jan 02, 2004 at 02:42:05PM -0000, Jason Keirstead wrote:
> The main thing I find extremely annoying and lacking in the current bookmarklets support is how out of line it is with the other browsers. In Mozilla or IE you can go to a site like http://www.bookmarklets.com or http://www.google.ca/options/buttons.html and just drag the bookmarklet to your toolbar, boom, you have a nice functional button. Or, you can just right click the link and "Add Bookmark".
> 
> In Konqueror you can't do either; you have to right click, copy location, launch mini tools editor, paste it in, etc. And there is *no* way at all to add a browser button.
> 
> This causes problems in two ways. One, it makes it totally inapparant to the new user how they are supposed to add these bookmarklets, so much so that they'd likely think Konqueror doesn't support them. Two, not having the ability to create a browser button enliminates much of the convience of bookmarklets.
> 
> Really, I totally agree with Oded in that I do not see any security-related reason that JS bookmarks should be restricted; the user has to manually add them, and then has to manually activate them, if they are doing this without checking for possible security holes that is their problem. 
> 
> A good compromise (much better than this mini-tools boondoggle) would be to simply prompt with a Continue / Cancel warning dialog (with a "Do not ask me this again" checkbox) when the user tries to bookmark a javascript: link, and if they click "Continue" then  add it to normal bookmarks ( or the toolbar if they dragged it there ). This fixes all the issues I just outlined and also alerts the user to possible security concerns.

please send in patches. 
i'm not accepting requests on this topic anymore.

Alex

Comment 40 jeff pitman 2004-02-29 16:13:44 UTC
See Bug #76423; hopefully, it ends up in the right mailbox this time.
Comment 41 lypanov 2004-02-29 16:57:45 UTC
whether or not it ends up in the correct mailbox is of little concern
in any case. i'll repeat what i've already said on several occasions.

send your patches in to the relevant mailing lists.

Alex
Comment 42 jeff pitman 2004-04-07 12:33:28 UTC
I've started a preliminary project exploring the issues. You can get a pre-alpha version that is operational here: http://konqlets.berlios.de/. If you would like to help further its goals, let me know.  This project is a KIO that will allow for javascript: URIs.

Thanks,

Jeff
Comment 43 Jason Keirstead 2005-01-28 03:00:09 UTC
On January 27, 2005 08:29 pm, Greg Stark wrote:
> But my version of konqueror doesn't seem to have the minitool thing. I
> can't tell what happened in this bug report in the end after all the
> arguments, did it get included or disabled? What version did it appear in?

For anyone interested.. I have just hacked in a very easy way to add full 
javascript: support to Konq. This will make javascript: typed URLs work in 
the location bar, and will also let normal bookmarks execute as bookmarklets. 
It is a nasty dcop hack but it seems to work fine.

Instructions:

1. Copy the javascript.protocol to your $KDEDIR/share/services directory
2. Copy the javascript.sh to anywhere, and chmod it 755
3. Edit the javascript.protocol file to point at the javascript.sh

That's it!



Created an attachment (id=9323)
javascript.sh

Created an attachment (id=9324)
javascript.protocol
Comment 44 Jason Keirstead 2005-01-28 03:20:58 UTC
On January 27, 2005 10:08 pm, Jason Keirstead wrote:
> 2. Copy the javascript.sh to anywhere, and chmod it 755

Just a note - the javascript.sh had a bug in it... place quotes around the 
evalJS line ( make it look like below ), otherwise more complicated scripts 
fail:

dcop $konq $widget evalJS "${1:11}";


Comment 45 Ber Kessels 2005-07-06 12:08:24 UTC
why is this marked "fixed"? To me it clearly is not fixed.There are some attachents taht allow "nasty dcop hacks", and IMHO that is far from fixed. IMHO this is only fixed when I can apt-get or urpmi konqueror, and that has bookmarklet support in it. you cannot expect people to fiddle around with .protocol files and .sh files. Even some non-nasty .protocol would suffice for most users. But certainly, an attachement in a bug thread is really not "fixing" this. 
Comment 46 Oded Arbel 2005-07-06 19:20:01 UTC
This is marked fixed because one of the developers (Alex) has invested considerable time to address the bookmarklet issue and has reached a solution which provides a good balance (at least according to said developer) between the apparent security issues and bookmarklet usability.

If you think this is not the case, and are not happy with the current solution that the Konqueror developers have reached, then - as Alex mentioned a few times in the comments (which I hope you had the good sense to read from start to end) - you are free to send patches that integrate your requested behavior and I'm sure the code will be examined and judged on by its merits.
Comment 47 zach powers 2007-04-30 02:30:02 UTC
Alex, thank you for your work on the minitools. I had wanted to add a javascript bookmark from Refworks .com.  (i've included it below if you would like to look at it). Basically this script takes bibliographic information from a webpage, logs into your Refworks account and stores the information on the Refworks bibliography database. This is a VERY nice tool and it is great to be able to use it (thank you) but it would be even better if more people knew about the tool since this bookmarklet is so easy to save in other webbrowsers (i saw the extensive comments above; and I have nothing to add here except to say these little scripts are very useful).

I have a small feature request. Is it possible to have a plugin for Konqueror that would take the same information and download it to a locally run bibligraphic software such as Kbibtex or the not-so-advanced-but-they are-working-on-it-for-next-release bibliographic software of OpenOffice? this would be a phenomenal feature, a true boon to any poor sap like myself who has to read and organize lots of papers. There are proprietary solutions but an open source tool like this would be awesome. Maybe the bookmarklet idea is a good one? i don't have a handle on how hard this project would be to implement or even if this is the right place to bring this up. Thanks again.

Refworks bookmark/booklet
javascript:var wRWMain1=window.open('','RefWorksBookmark');d=document;i='AddToRWScript';if(d.getElementById(i))RWAddToRW1();else{s=d.createElement('script');s.type='text/javascript';s.src='http://www.refworks.com/refworks/include/addtorw.asp';s.id=i;d.getElementsByTagName('head')[0].appendChild(s);}void(0);
Comment 48 ermonnezza 2011-05-03 16:40:30 UTC
(In reply to comment #46)
> This is marked fixed because one of the developers (Alex) has invested
> considerable time to address the bookmarklet issue and has reached a solution
> which provides a good balance (at least according to said developer) between
> the apparent security issues and bookmarklet usability.

I have a major problem with this. I think it's fair to have bookmarklets disabled by default, by I think the adult and consenting user should be allowed to enable, at his own risk, fully functional bookmarklets that can sit in the bookmark bar, as with any other browser. Otherwise the adult and consenting user will keep using a different browser. Having bookmarklets available but awkward to use, as currently implemented in minitools, is a bad compromise when it comes to  usability.

Moreover, the description of konq-plugins 4.4.0 (incl. minitools) says:
"These plugins are not part of the official KDE Software Compilation, they
 are a KDE Extragear software and may get out of sync with Konqueror."
I'm not sure whether this still holds but I find it scary.. 
 
> 
> If you think this is not the case, and are not happy with the current solution
> that the Konqueror developers have reached, then - as Alex mentioned a few
> times in the comments (which I hope you had the good sense to read from start
> to end) - you are free to send patches that integrate your requested behavior
> and I'm sure the code will be examined and judged on by its merits.

Well if you extend this reasoning you can mark most bugs here as "fixed, unless someone out there wants to really fix it", but then what's the point of tracking bugs.. I think a "WON'T FIX" would be more appropriate, but personally I hope that this bug will be reopened.

Nevertheless thanks a lot Alex and everybody for the great job!
Comment 49 ermonnezza 2011-05-03 17:05:20 UTC
For the record, the same issue has been solved in rekonq:
https://bugs.kde.org/show_bug.cgi?id=250623
I tested it and I could add and use bookmarklets without any warning,
so I don't see why it should be a problem to do the same in konqueror..