How to add "call function" to blocks editor

[Joydeep Mitra]

Hello,

I was wondering how one would display a component's method to the block editor as "call methodName". I assume it is enough to annotate that method with @SimpleFunction. Is that enough or does one need to change one of the javascript files in the blocklyeditor/src/blocks? 

[Taifun]

. I assume it is enough to annotate that method with @SimpleFunction. Is that enough 

yes

see also the App Inventor Extensions document and How to Add a Component,

Taifun

[Joydeep Mitra]

Thanks Taifun for confirming that. Also, I see that some of the component methods store data in external storage. For example the camera component's takePicture() methods saves a picture in external storage. Isn't this is a security vulnerability? Isn't it better for the method to save the image in internal storage?

--
You received this message because you are subscribed to a topic in the Google Groups "App Inventor Open Source Development" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/app-inventor-open-source-dev/qtIN0gqqlEI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to app-inventor-open-source-dev+unsub...@googlegroups.com.
To post to this group, send email to app-inventor-open-source-dev@googlegroups.com.
Visit this group at https://groups.google.com/group/app-inventor-open-source-dev.
For more options, visit https://groups.google.com/d/optout.

[Taifun]

why do you think, this is a security vulnerability?

if you take a picture, usually you want to use the gallery of the device to display the picture later or use the sharing component to share it...

there is only the file component, which offers storing files in the program's private data directory, 

see also http://ai2.appinventor.mit.edu/reference/components/storage.html#File

Taifun

[Joydeep Mitra]

There is no way of knowing if an image contains sensitive information or not. An app could be used to capture image of an SSN card. If that is stored in External storage then a malicious app with read permission to external storage will get access to sensitive information. If there is an option of storing in internal storage then why not do it since internal storage is always more secure. One could argue that an attacker could get access to internal storage if the the attacker gets access to the device. However, in all other cases it is always safer to store information in internal storage.

--