Linking to local files or other compositions?

  • 2
  • Question
  • Updated 9 months ago
Would I be correct in saying that version nine does not support hotspot linking to a local file?

This is a really big deal as I wish to create packages that are held locally as the content is confidential and the PCs being used cannot under any circumstances be connected to the outside world.  It must work from a DVD or memory stick and allow linking to PDF files, JPGs etc.

We were about to roll out Camtasia as our preferred method of multimedia distribution but unless I'm missing something this is a major setback.
Photo of frankphall.j

frankphall.j

  • 5 Posts
  • 1 Reply Like

Posted 9 months ago

  • 2
Photo of Rick Stone

Rick Stone

  • 4490 Posts
  • 2001 Reply Likes
Alas, linking to local content has been broken since version 8. something. The only way links now work is if you are linking to an HTTP address.

To me this is a pretty serious issue. I've yet to see something remotely acknowledging it as an issue being addressed by TechSmith.

Cheers... Rick :)
Photo of frankphall.j

frankphall.j

  • 5 Posts
  • 1 Reply Like
Has any reason been given?  This could be a deal breaker.  Linking to the web is an absolute no no for the material we need to produce.  Its local or nothing.

I even tried hand editing the HTML and JS files but while it looks like its going to work it deletes the colon after "file" in the line "file:///D:/Franks%20Documents/Videos/...".

Put the colon back in and away it goes.
Photo of kayakman

kayakman, Champion

  • 6250 Posts
  • 1834 Reply Likes
I believe the last version that supported relative links in hotspots was Camtasia Studio 8.4

I just checked and it can still be downloaded http://www.techsmith.com/download/oldversions.asp

maybe do what you can in CS9, then finish and produce using CS8?

I'll add that the relative links had to be scripted by editing the camproj file before producing, because the editor's callout UI controls would always insert a http:// leader regardless of the text entered into the URL property control
(Edited)
Photo of Glenn Hoeppner

Glenn Hoeppner, Employee

  • 1754 Posts
  • 286 Reply Likes
We had to change this functionality due to security concerns.

Hotspots were never intended to be linked to anything other than websites so the other functionality was not by design. Unfortunately, several users were linking to things other than websites and our security changes broke those workflows.

We've had conversations about it, but we haven't been able to come up with a good way to restore functionality without also reintroducing security problems.

Sorry for the bad news,
Glenn
(Edited)
Photo of Rick Stone

Rick Stone

  • 4484 Posts
  • 1999 Reply Likes
Glenn, would you be willing to expound on this a bit? For example, talking in more detail about the security issues?

My reason for asking is because this seems to be standard functionality. Personally, I'm failing to see how it's a security threat when one is able to plop the video into an inline frame of a web page and the web page itself gleefully allows linking to content such as PDF documents.

Additionally, tools such as Adobe Captivate allow linking from their own produced content. So one would think that if linking were a massive security threat, they wouldn't allow it either.

Enquiring minds want to know! ;)

AdvTHANKSance... Rick :)
Photo of frankphall.j

frankphall.j

  • 5 Posts
  • 1 Reply Like
It does sound a bit strange. Surely linking to a webpage in the outside world that can contain literally anything is just as risky as linking to another file that's already on my own computer or on the same media that the presentation came on.

Our plan was to put everything on a DVD , Usb stick or our internal network because the machines running the Camtasia package cannot be linked to web for security reasons.
Photo of Glenn Hoeppner

Glenn Hoeppner, Employee

  • 1754 Posts
  • 286 Reply Likes
You can put in something like "javascript:alert('hello');" and the web browser will execute it. Now a hello alert box isn't so bad, but imagine if it's a cryptocurrency mining script, or a script that looks for open browser tabs to your bank and tries to initiate bank transfers.

In a hotspot, the user has to click the link, but you could construct your script to run the javascript quietly and redirect to another site like you'd expect. You could also have put one in as an end action, and it just runs without any notification to the end user at all at the end of the video.

Anyway, those are some quick examples. It's what's known in the security world as an XSS (Cross Site Scripting) attack.

This vulnerability was reported to us by a user, but it's something we should have not been allowing in the first place: http://seclists.org/fulldisclosure/2015/Jan/59

Sorry for taking so long to reply...it's flu season :(

-Glenn