From: Ihor Radchenko
To: Max Nikulin
Cc: emacs-orgmode@gnu.org
Subject: Re: [BUG] Unsolicited download of remote resources
References: <87wmrmskg3.fsf@localhost>
Date: Sun, 04 Feb 2024 12:32:08 +0000
Message-ID: <87mssgmmuv.fsf@localhost>

Max Nikulin writes:

> However it may be unclear for users that setting `t' for
> `org-resource-download-policy' is dangerous if they use Emacs as a mail
> client or as a handler for opening links to .org files in browsers. I
> would consider adding "dangerous" to the label of this option and a
> warning to the docstring.

Would you be interested to submit a patch?

> Another my concern is an attack using an attachments with multiple
> "#+setupfile:" keywords with remote URIs. Users will be tired declining
> specific download requests without an option to ignore all remote
> resources. I hope, C-g it is obvious enough and it works in gnus&Co. I
> am unsure how to implement in Emacs an approach used e.g. in
> Thunderbird. Remote content is blocked till an explicit user action and
> a yellow bar with an unblock button is displayed at the top of the
> message body pane.

I am not in favor of creating such a new interface as a part of Org mode.
You can propose it to Emacs upstream. If they are interested, it is
something we may consider.

However, there have been multiple discussions about delayed prompts in
the context of async ELisp evaluation - AFAIR, such ideas were not
welcome on the grounds that such prompts may be missed by the users.

What we can do is add a new answer - "N" aka "no for all for the
duration of current command".

-- 
Ihor Radchenko // yantar92,
Org mode contributor
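
The concern quoted above, an attachment carrying several "#+setupfile:" keywords with remote URIs, can be checked for before the file is opened in Emacs. The following is an added example, not part of this message and not Org's own code: the function names are hypothetical, treating `http`, `https` and `ftp` as the remote schemes is an assumption, and it also covers `#+include:`, which goes beyond the keyword named in the message.

```python
import re

# Assumption: a URI is "remote" when it uses one of these schemes.
REMOTE_SCHEMES = ("http://", "https://", "ftp://")
# Keyword line (optionally indented, case-insensitive), e.g. "#+SETUPFILE: <uri>".
KEYWORD_RE = re.compile(r"^[ \t]*#\+(setupfile|include):[ \t]*(\S.*)$", re.IGNORECASE)


def remote_resources(org_text):
    """Return (line_number, keyword, uri) for each keyword naming a remote URI."""
    hits = []
    for lineno, line in enumerate(org_text.splitlines(), start=1):
        m = KEYWORD_RE.match(line)
        if not m:
            continue
        value = m.group(2).strip()
        # The URI may be double-quoted; otherwise it ends at the first space.
        if value.startswith('"'):
            uri = value[1:].split('"', 1)[0]
        else:
            uri = value.split()[0]
        if uri.lower().startswith(REMOTE_SCHEMES):
            hits.append((lineno, m.group(1).lower(), uri))
    return hits


def triage(org_text, max_prompts=1):
    """Classify an attachment by how many download prompts it could raise."""
    hits = remote_resources(org_text)
    if len(hits) > max_prompts:
        return "prompt-flood", hits
    return ("remote" if hits else "clean"), hits


# Constructed sample attachment (example.invalid is a reserved test domain).
SAMPLE = """\
#+title: Meeting notes
#+SETUPFILE: https://example.invalid/a.org
#+setupfile: "https://example.invalid/b.org"
  #+SetupFile: ftp://example.invalid/c.org
#+setupfile: ./local-theme.org
Text mentioning #+setupfile: https://example.invalid/d.org inline.
#+include: "https://example.invalid/e.org" src org
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "prompt-flood" verdict marks the case described in the quoted paragraph, where the reader would have to decline one download request after another.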