Hello there,
Revisiting an old story.
I just downloaded an app from openntf.org. Signed it with my own ID.
On opening it in Notes, I’m greeted by the good ole’ security alert :
“Notes has been asked to execute JavaScript containing a potentially dangerous action”
signed by No signature.
This time, instead of allowing whatever as is customary, I try to understand what’s happening.
First, googling this exact phrase yields … nothing, nada, void. Plenty of variations around various LCE alerts, but not this one, although from my own experience I’d say it’s not unusual.
Then the JavaScript in question, pretty innocuous btw, is nested in the PostOpen event of a form, said form indeed showing my signature. I edited the script, saved it. Alert still popping.
Of course, I ended up, as always, by allowing JavaScript signed by -No Signature- to do anything.
Not that I am overly worried by security in this exact case, but I’m wondering :
-
has someone met the same alert (specifically JavaScript) already ?
-
Am I missing something ?
-
How to handle the (hypothetical) deployment of a rich-client Notes app that would employ JavaScript ? Would you broadcast a permissive LCE policy ?