Quote:
Originally Posted by syl3786
I didn’t realize that Microsoft Office was originally designed with end-user ribbon modifications in mind. If you happen to have any documentation or references about that, I’d love to check it out. It’s always interesting to learn more about the design decisions behind these tools.
|
Design documentation was published on MSDN when Office 2007 was released. It's probably only available via the Wayback Machine now.
Quote:
Originally Posted by syl3786
That said, I’ve also heard that XML-based customizations (like ribbon modifications) could potentially be exploited if not handled carefully. I’m not an expert on this, but it seems like both VBA and XML could have their own vulnerabilities depending on how they’re used.
|
There is no scope for malicious XML in the RibbonUI because if the XML doesn't correspond to the schema it is rejected, silently unless the option to show UI errors has been checked.