Max Nikulin writes: > How are you going to distinguish your personal files and arbitrary > files from non-trusted sources? By signing your files and maintaining > list of trusted certificates? One idea that could work well is to add an explicit allow-list trusted-sources-to-allow-unsafe-modes with entries of domain and path-prefix where people can add trusted sources. If for example my server were draketo.de,¹ I could set this list to '(("https://www.draketo.de" "/software")) and when I would then open a link like https://www.draketo.de/software/advent-of-wisp-code-2021.org with eww, it would directly switch to org-mode. If, however, I would open the link https://draketo.de.evil.attacks/software/advent-of-wisp-code-2021.org with eww, it would display it as plain text, because it would not be in the list of trusted sources. Best wishes, Arne ¹: hypothetically speaking :-) -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de