Options/Security

Security

JavaScript enabled: [1]

Web

Web access enabled: [2]

Privacy

Logs enabled: [3]
History enabled: [4]
Bookmarks enabled: [5]
Load HTML to browser method: [6]	mem url

Notes

1. ^ Choose if Javascript enabled: (default is checked)
   • checked to enable JavaScript. Note that this will allow you to use the functions listed at Diagnostics/Javascript/All
   • unchecked to disable JavaScript. Only JavaScript specified by XOWA will run

   XOWA uses JavaScript for certain functionality such as MathJax, sortable, collapsible, and reference tooltips. Unfortunately, JavaScript can also be a vector of attack. Although XOWA scrubs pages to eliminate embedded JavaScript, it is possible for malicious JavaScript to be injected into a Wiki page that evades XOWA's code. For those concerned about security, the safest approach would be to disable JavaScript entirely.

2. ^ Choose if XOWA is allowed to access the Web: (default is checked)
   • checked to allow web access.
   • unchecked to forbid web access. XOWA will not connect to the internet under any circumstances. This is equivalent to pulling the network cable for XOWA only.
   Note that this may cause the app to not behave properly. For example:
   • Images will not download, even if "Retrieve files" is checked
   • Import links on Import/List will not work
   • Download dump status on Wiki/Maintenance will not work
   • etc..
   Also, note that this only controls XOWA's access to the internet. Viewer apps may still access the internet. For example, clicking on an external link will still launch a "Web browser". If you have VLC set up to play media files, it may access the internet when you click on a media file. A PDF app may try to update itself when you click on a PDF file. For more information, see Help/Privacy
3. ^ Choose if logs are enabled: (default is checked)
   • checked to enable logs. XOWA logs application activity for diagnostic purposes. Note that these logs are never shared or uploaded. See Help/Privacy for more info
   • unchecked to disable logs. No messages will be written to the log. You can check by going to Help -> System Data -> Session Log
4. ^ Choose if page history is enabled: (default is checked)
   • checked to enable page history. XOWA stores viewed pages for the Page History page (History -> Show). Note that this history is never shared or uploaded. See Help/Privacy for more info
   • unchecked to disable page history. No pages will be stored in page history. You can check by going to Help -> System Data -> Page History
5. ^ Choose if bookmarks are enabled: (default is checked)
   • checked to enable bookmarks. XOWA adds bookmarks whenever the user chooses "Bookmark this page". Note that these bookmarks are never shared or uploaded. See Help/Privacy for more info
   • unchecked to disable adding bookmarks. No bookmarks will be be added, even if the user clicks "Bookmark this page". You can check by clicking "Bookmark this page" and then clicking "Show all bookmarks"
6. ^ Choose how HTML is loaded into the browser: (default is mem) (recommended is url) This is a performance optimization with privacy implications
   • mem: Loads HTML through memory by calling browser.setText(html). For unknown reasons, SWT / XULRunner uses more memory when loading HTML by setText -- as much as 5 - 10 MB for a page like en.w:Earth.
   • url: Loads HTML through the file system by calling browser.setUrl(file, html). This call uses less memory, but requires writing the HTML to disk. (see /xowa/user/anonymous/app/tmp/html) Although setting HTML via disk is theoretically slower than memory, the time difference is not noticeable. This may be more of an issue for users with privacy concerns. For more info on the latter, see Help/Privacy.
   Note that mem is currently the default, but url will be made the default in a future release.