dbankier
Option to disable webserver
It is quite disturbing that you are offering a plugin with the web port automatically opened, and there is no option to disable it. The option of not opening the the browser is not the same thing.
Or did I miss something?
A webport is how this extension works, it opens a port to serve up the markdown and you can either visit the URL in the browser manually or automatically.
If this extensions offered an option to disable the web port the extension fundamentally would not work as described
Hi Alexander, Happy Holidays and TY for you reply.
I think it's still an issue as that port would also be exposed on internet unless fire-walled correctly or handled in the router to only be visible on local net. There is no warning, and no other info when installing the plug-in, that this would happen! And it doesn't make sense that this is an always on port, especially when you're not editing any markdown files, which is already rare. It's seem that this is just a great security vulnerability waiting to happen. (What exactly are you using to serve up those pages?)
@eabase I just wanted to note that I'm not the owner of this repo I'm just a contributor that is decently familiar with the codebase.
So this does open up a port as we know and the concerns you highlighted can be valid in some cases, although not common. This is a developer tool after all although I suppose the README could explicitly call out that it opens a port.
The thing you are missing here is the port is only opened for markdown files and closed if not viewing the markdown file. So the port is not open 24/7 it is opened as needed if the user navigates to a markdown file.