From: Tim Cross
To: emacs-orgmode@gnu.org
Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
Date: Thu, 27 Oct 2022 07:00:28 +1100
Message-ID: <8635bamfgy.fsf@gmail.com>
References: <86bkq0qf8p.fsf@protected.rcdrun.com> <87bkq0t03l.fsf@web.de> <87v8o7qzff.fsf@localhost>
User-agent: mu4e 1.9.1; emacs 29.0.50

Stefan Kangas writes:

> Ihor Radchenko writes:
>
>> The "problem" with shell links you are describing is a question of
>> setting variables and is also disabled by default.
>>
>> eww-mode, when loading Org page, could simply set
>> org-link-shell-confirm-function to its default value.
>
> Note that with the suggested feature, any link you follow risks being
> loaded in Org mode, before the user even has a chance to inspect the
> file. Which Org features, currently existing or introduced in the
> future, would EWW have to add workarounds for?
>
> It is very hard to foresee which parts of Org will be problematic and
> have to be disabled. See the security vulnerability in enriched-mode
> that prompted the release of Emacs 25.3, for example.
>
> Adding this opens a can of worms that will expose unsuspecting users to
> a whole class of new problems. And the only benefit is to save some
> users from having to type "M-x org-mode RET", or adding call to a
> suitable hook.
>
> All in all, this seems like a bad trade-off. So I don't think we should
> add such a feature.

This concern seems to be based on FUD rather than any real or
identified risk. The risk here is no different to risks associated with
opening any org document from a foreign source e.g. in an ELPA package.
Note that org mode's default configuration wrt code execution is to ask
the user for permission to execute. If the user can run M-x org-mode on
an eww buffer containing a text file which is an org file, the same
risks apply and any vulnerability would need to be addressed anyway.

This is also very different to the issues encountered with enriched
text some years back. The problem then was with elisp code embedded in
text properties. It was a bug in how enriched text processed the data.

However, I think we are probably looking at this problem from the wrong
level. It isn't really about how to get eww to render org files in
org-mode. This issue is really about being able to customize what
function is called to 'render' the data retrieved based on the
content-type header of the content. Currently, it is fairly
straightforward to define a custom handler based on the URL, but not
based on content-type.

Being able to easily associate a function to handle downloaded content
based on the content-type would be useful. Users could then easily add
whatever functionality they wanted based on what the server told them
about the content type.