From ebb716514d9e64082352680d1db91390f2db38b0 Mon Sep 17 00:00:00 2001 From: Nick Sweeting Date: Fri, 3 Nov 2023 21:17:37 -0700 Subject: [PATCH] Update README.md security notice about extractors --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c2653833..85156330 100644 --- a/README.md +++ b/README.md @@ -655,7 +655,7 @@ https://127.0.0.1:8000/archive/* The admin UI is also served from the same origin as replayed JS, so malicious pages could also potentially use your ArchiveBox login cookies to perform admin actions (e.g. adding/removing links, running extractors, etc.). We are planning to fix this security shortcoming in a future version by using separate ports/origins to serve the Admin UI and archived content (see [Issue #239](https://github.com/ArchiveBox/ArchiveBox/issues/239)). -*Note: Only the `wget` extractor method executes archived JS when viewing snapshots, all other archive methods produce static output that does not execute JS on viewing. If you are worried about these issues ^ you should disable the wget extractor method using `archivebox config --set SAVE_WGET=False`.* +*Note: Only the `wget` & `dom` extractor methods execute archived JS when viewing snapshots, all other archive methods produce static output that does not execute JS on viewing. If you are worried about these issues ^ you should disable these extractors using `archivebox config --set SAVE_WGET=False SAVE_DOM=False`.* ### Saving Multiple Snapshots of a Single URL