Hi! I am writing a research paper about OnlyOffice security. I’m researching the security of macros, and I want to find out where macros are stored in configuration files and in the Windows registry. How dangerous macros are, whether they are isolated. Do I need any special rights to edit them?
Hey, @kiada
it’s quite interesting!
The macros are stored inside the document structure.
Macros do not have any access to the system.
Here you can find more information about macros: https://api.onlyoffice.com/plugin/macros
I could not quite understand…
Having access to the document and the editor, you can write macros and save it.
Please do not hesitate asking questions if you have any.
I will try to answer all your questions 
I found a macros in the document structure. I made a semblance of a hacker attack and changed the text of the macros, and then launched the document. Since the macros is autorun, there was only a warning that the macros would run. Not a word about changing his code.
I don’t fully understand your idea:)
Of course, any files downloaded from the Internet may contain malicious code (or as in your case, the macro code has been changed)
OnlyOffice editor opens the document with a macro.
In the editor settings (based on security, it is possible to set one of the 3 options)
Disable All
Show Notification (default)
Enable All
I know about these settings. But I deliberately tried to create a situation where everything is allowed. Most people always agree to everything without even thinking about the danger.
I also checked the EDS, and it didn’t work out that way, when the signature was changed, the file refused to open.
So now I want to find out if the macros is stored in the Windows registry or in the configuration files. Or just in documentation structure.
I’m sorry for waiting, I didn’t see the notification.
Macros not stored in the Windows registry and configuration files.
You can verify this by opening ProcMon, then adding a macro and saving the document.
Macros are located in the structure of the document
I agree, but the user makes this decision.
Hey @kiada
If you still have any questions about macros in desktop editors, we will always be happy to answer.