Update README.md security notice about extractors

This commit is contained in:
Nick Sweeting 2023-11-03 21:17:37 -07:00 committed by GitHub
parent 5c4a50557b
commit ebb716514d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -655,7 +655,7 @@ https://127.0.0.1:8000/archive/*
The admin UI is also served from the same origin as replayed JS, so malicious pages could also potentially use your ArchiveBox login cookies to perform admin actions (e.g. adding/removing links, running extractors, etc.). We are planning to fix this security shortcoming in a future version by using separate ports/origins to serve the Admin UI and archived content (see [Issue #239](https://github.com/ArchiveBox/ArchiveBox/issues/239)).
*Note: Only the `wget` extractor method executes archived JS when viewing snapshots, all other archive methods produce static output that does not execute JS on viewing. If you are worried about these issues ^ you should disable the wget extractor method using `archivebox config --set SAVE_WGET=False`.*
*Note: Only the `wget` & `dom` extractor methods execute archived JS when viewing snapshots, all other archive methods produce static output that does not execute JS on viewing. If you are worried about these issues ^ you should disable these extractors using `archivebox config --set SAVE_WGET=False SAVE_DOM=False`.*
### Saving Multiple Snapshots of a Single URL