Here are a couple of ideas that would be neat to have, but more importantly a security patch.
When a macro file is uploaded, parse the file and build HTML output that represents the same as what is shown in KM editor. This would remove the need for the user to also upload a screen shot of the KM editor window. It would also show the actual content of the macro file.
Obviously that will take quite a bit of forum/coding work but it would be very neat.
If so, please always put it within expand/hidden blocks
(Even if #1 could be done,) when a macro file is uploaded, parse and edit it to remove the triggers and set the group to be a “sandbox”.
In KM itself, any imported macro is always put into a “sandbox” group (even if it didn’t go through #2), which is always disabled. Macros in the sandbox can’t be enabled or run until the user puts it into another group.
Along with #3, always strip out the macro’s trigger during import into KM.
If #3 and #4 don’t happen, it is possible for someone to post a malicious macro script to the forums pretending it is a helpful macro.
Friendly, Helpful Macro.kmmacros (3.3 KB)
For example, here is my “Friendly, Helpful Macro” which shows a text box of what could be a super nasty macro that deletes all of your files! This macro file is configured to import into the Global Macro Group (which is likely to be enabled) and to run every second. This means as soon as the user double clicks on it to import into KM, it immediately runs.
Of course you might say to yourself “what kind of person would blindly run/import a macro without checking it first?” and I bet if you were to run a poll, 99% of the userbase has assumed good intentions of the other KM users and have imported a macro without checking it first.
Sorry for exposing potential dark intentions with KM but such is my day job so I feel compelled to point it out in other apps too.