I take your point about providing links that can delete files! However,
would it not be possible to consider adding url commands for a safe
subset of the commands? repobrowser and log would be the two obvious ones.
Web-based alternatives to Tortoise aren't really as useful in this
situation, as someone clicking an url that showed the log for a
particular revision would want to be able to easily view the differences
and if necessary check out a working copy - launching Tortoise directly
is therefore the best thing. The first thing we do when given a comment
such as "Please review R1235" is to launch the Tortoise log viewer, then
find rev 1235 and click on it to see the changed files. It would just
be nice to be able to link to this straight from our web-based job system.
Thanks for all your hard work - Subversion and TortoiseSVN has really
made quite a difference to our work day!
Stefan Küng wrote:
> Max Spicer wrote:
>> I've just discovered the tsvn: and svn: protocols that can be used to
>> checkout or launch the repos browser respectively. It would be really
>> great if this could be extended to allow the passing of commands as
>> options. What I'd really like to do is to be able to craft an url
>> that when clicked in a browser would automatically launch the log
>> viewer for a particular revision.
>> Note that this uses the same format as the command line args.
>> If this is a sane feature request, would you mind adding it to the list?
> The problem with such an approach, while it may seem very easy to do and
> also seem like a really nice feature is that it asks for trouble.
> If you can execute any TSVN command by clicking on a link, some bad guys
> could misuse it (and there are enough such bad guys and script kiddies
> out there, believe me).
> For example, with your approach, someone could make a link like this
> and hide that link with a picture, or even use a browser bug to execute
> that link without user interaction.
> I don't like the idea of having to check for every command and
> possibility if it could be misused when passed with a link and then
> deactivate it for links. What if I miss a command, what if I miss a
> situation which could be bad?
> If you want your users to be able to see a log, you can use other means
> for that which are much better and also much less stress for your
> Or if you like our own 'changelog' here:
> and here:
> These were made with that little tool:
To unsubscribe, e-mail: firstname.lastname@example.org
For additional commands, e-mail: email@example.com
Received on Mon Apr 24 11:39:46 2006