Hacker News new | comments | ask | show | jobs | submit login

Sounds like the web-office tools need a "partially public" option. I mean, I want to do whatever, whenever to my private documents, but when I open a document for public editing because my collaborators don't have a google account and so I just share out a long-URL with them, the expectation is that the worst thing that coudl happen is that a malicious actor that finds the URL could mangle the document and I'd have to revert it.

Giving my collaborators enough power to inject executables is far beyond my needs and my intent when I make the doc "open". At worst I'd expect to find a document edited with a link to an external malware exe, not some horrifying autorun problem.

You could also do warnings when the user clicks a link ina publicly editable doc "this document is publicly editable, which means that any rando on the internet might have set this link, not just your buddy who made the doc. Are you really sure you want to go there?"

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact