From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id yKGbLKUSW2McqQAAbAwnHQ (envelope-from ) for ; Fri, 28 Oct 2022 01:22:13 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id EPCMLKUSW2NFYQAA9RJhRA (envelope-from ) for ; Fri, 28 Oct 2022 01:22:13 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 8D2B3127B8 for ; Fri, 28 Oct 2022 01:22:13 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ooC9x-0005Ox-JA; Thu, 27 Oct 2022 19:19:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ooC9v-0005Ol-R7 for emacs-orgmode@gnu.org; Thu, 27 Oct 2022 19:19:36 -0400 Received: from mout01.posteo.de ([185.67.36.65]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ooC9u-0005PR-0B for emacs-orgmode@gnu.org; Thu, 27 Oct 2022 19:19:35 -0400 Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id EF487240026 for ; Fri, 28 Oct 2022 01:19:29 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1666912772; bh=gL1SiaWC8TqqovOmN8EnMRqqFKhJUhxtdXV3/kPYf7o=; h=From:To:Cc:Subject:Date:From; b=LJVCjEZtgcbCTe+2RAEajxADxPFtfbxvTz+G7T+9g6Y/X0CL811khkbOo80iPuN/A 5f3anaTykkgTR8YuqSn1dSVtLq5RSlKTNx/KhLxDxXGbsTs0XUzxmdBtCvUa2ZfRNB hWjGYZihCEveAulKxIPyZW9QQLS4VDsq9SPx1DLkciLTrwK8wVRzgnUDJdmCO3sG6T iSDLe905WF/52zQ6AiMnyJ47vrHRbRyQA1+GePDiz3Qkw1HDtDJqTIBMckGTAMLc4a j75X9yvZCI4dS3h/vvIgSV0pGVBjiGGKunzv/bicjDvLgT0EPES5aWp9sivQeg9AH1 BzxERyzJqYzsg== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4Mz1pj4Kznz6tmH; Fri, 28 Oct 2022 01:19:25 +0200 (CEST) From: Ihor Radchenko To: "Dr. Arne Babenhauserheide" Cc: Max Nikulin , 58774@debbugs.gnu.org, emacs-orgmode@gnu.org Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly In-Reply-To: <87y1t0or6q.fsf@web.de> References: <86bkq0qf8p.fsf@protected.rcdrun.com> <87y1t0or6q.fsf@web.de> Date: Thu, 27 Oct 2022 23:20:08 +0000 Message-ID: <87zgdgn9av.fsf@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=185.67.36.65; envelope-from=yantar92@posteo.net; helo=mout01.posteo.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Emacs-orgmode" Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1666912933; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=UDRErfKxWOsKLWSnVphJBSjK2iu61O5QFbvOTQSlcmU=; b=LjTjQvX7E6vvCcjxN9T/K9zOpUr8MrDjhGkN1b4OeJYu31IhEX8VZNhqD7h3u6RDBhGTn7 lgn9lGsQQhQOxKqf0jxXDsdAgX1vRuub5mXoAOQbnyQBYFF/ZfExzeOn8pXkZnr0ckfLDu qtUvmuTu222w2Ar42NEkSjutet3S/xhBO+1o12Ta99Lp1vElUhv/Gfh/BeV8pTB1l3f4F5 A+1Ao/re5ZLmmVkv1OiOD7VFLgQtDxN6izmXRnFDdAeRTd9Q0mdqnBwL7ZkK2RGhOy7qlX Ph3VOw1OQdcYlipDV0DlUV0F/ELCgn8thk1QUqw/ZEZrbuHW9zQXOtMM1l65yg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1666912933; a=rsa-sha256; cv=none; b=fPMWKbL8zhF5Pryt2s4SRrFSqvQBfzqlHUndhi2w0Pmg4vYGtyhXTOuP9wT9fPIOhf1xei B6023fdgXM4Ny5rwhyb/Jk5uwsBypul1TLPNuhJrpwKfEezCfWhpkz0NWGcIKvK2QZpZZt +6DhsNJorsdeD19vJnxYs/yOF6mzPxAs0MAMvbOcizfDEl/I3EoJ8BiP7EGwzO+PXS57Om d/irzvkCp/j2+XCBaYyI35Y2myoqELtUwSbTHi+/Ty6cLmrKC/Ksi406pvIbUxYI60p89O qT938n+q1S3vG0wV4gL+2zTJi6FGAE3JWE/ZTwVr+e3l9bl39FZk9RkvAcybfA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=posteo.net header.s=2017 header.b=LJVCjEZt; dmarc=pass (policy=none) header.from=posteo.net; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -1.91 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=posteo.net header.s=2017 header.b=LJVCjEZt; dmarc=pass (policy=none) header.from=posteo.net; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 8D2B3127B8 X-Spam-Score: -1.91 X-Migadu-Scanner: scn1.migadu.com X-TUID: 8TpyKj8+bExh "Dr. Arne Babenhauserheide" writes: > Max Nikulin writes: > >> How are you going to distinguish your personal files and arbitrary >> files from non-trusted sources? By signing your files and maintaining >> list of trusted certificates? > > One idea that could work well is to add an explicit allow-list > trusted-sources-to-allow-unsafe-modes with entries of domain and > path-prefix where people can add trusted sources. > > If for example my server were draketo.de,=C2=B9 I could set this list to > > '(("https://www.draketo.de" "/software")) > > and when I would then open a link like > > https://www.draketo.de/software/advent-of-wisp-code-2021.org > > with eww, it would directly switch to org-mode. > > > If, however, I would open the link > > https://draketo.de.evil.attacks/software/advent-of-wisp-code-2021.org > > with eww, it would display it as plain text, because it would not be in > the list of trusted sources. I am a bit lost about the aim of this tread, but let me share some existing remote resource controls we have employed on the latest Org: (defun org--should-fetch-remote-resource-p (uri) "Return non-nil if the URI should be fetched." (defun org--safe-remote-resource-p (uri) "Return non-nil if URI is considered safe. This checks every pattern in `org-safe-remote-resources', and returns non-nil if any of them match." (defun org--confirm-resource-safe (uri) "Ask the user if URI should be considered safe, returning non-nil if so." You can check the implementation at https://git.savannah.gnu.org/cgit/emacs/org-mode.git/tree/lisp/org.el#n4540 --=20 Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at . Support Org development at , or support my work at