#668 trust of potentially malicious scripts
Right now one must okay scripts once per session after being given the message "make sure the script does not contain malicious code". It's silly to assume they are going to reread the script each time, and David F suggested Autoplot could have an area where "blessed" scripts could live, then we compare the proposed script for execution to the blessed one. This would also have the advantage that there would be confirmation that the script has changed. I need to check to see if there is similar logic to this, because when you rerun a script from the address bar drop list, you are not prompted. It may be that the dialog is shown when there is a download, and it should query the same way for local files.
Also I need to confirm that some actions are available in the .jyds mode which could be malicious. I realize I keep thinking that .jyds scripts are safe when they might not be.
Here's the "malicious code" dialog.
Autoplot puts blessed scripts in autoplot_data/scripts, under a hash of the location.
It just occurred to me that if I had a difference visualization, I could show the differences between the last run revision and the current revision. This would be very helpful for verifying that new changes are seen.
See github support at https://sourceforge.net/p/autoplot/feature-requests/665/
The differences are shown and this is very effective.