From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id yCizGiof2GHu7AAAgWs5BA (envelope-from ) for ; Fri, 07 Jan 2022 12:08:26 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id 4IYIGCof2GGPCAEA9RJhRA (envelope-from ) for ; Fri, 07 Jan 2022 12:08:26 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id ECDA2AAE3 for ; Fri, 7 Jan 2022 12:08:25 +0100 (CET) Received: from localhost ([::1]:38102 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n5n6f-0004JI-48 for larch@yhetil.org; Fri, 07 Jan 2022 06:08:25 -0500 Received: from eggs.gnu.org ([209.51.188.92]:44750) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n5n1x-0006b6-4e for emacs-orgmode@gnu.org; Fri, 07 Jan 2022 06:03:33 -0500 Received: from ciao.gmane.io ([116.202.254.214]:41126) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n5n1v-0001jm-Cy for emacs-orgmode@gnu.org; Fri, 07 Jan 2022 06:03:32 -0500 Received: from list by ciao.gmane.io with local (Exim 4.92) (envelope-from ) id 1n5n1s-0005MU-5O for emacs-orgmode@gnu.org; Fri, 07 Jan 2022 12:03:28 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: emacs-orgmode@gnu.org From: Max Nikulin Subject: Re: [PATCH] Fix FAQ entry about mailto links. Date: Fri, 7 Jan 2022 18:03:19 +0700 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 In-Reply-To: Content-Language: en-US Received-SPF: pass client-ip=116.202.254.214; envelope-from=geo-emacs-orgmode@m.gmane-mx.org; helo=ciao.gmane.io X-Spam_score_int: 1 X-Spam_score: 0.1 X-Spam_bar: / X-Spam_report: (0.1 / 5.0 requ) BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FORGED_MUA_MOZILLA=2.309, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, NICE_REPLY_A=-2.691, NML_ADSP_CUSTOM_MED=0.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: "Emacs-orgmode" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1641553706; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=G3HdwqiP8a7vtAY9pSePpsOOz+L/o3bf+XySOl+lx50=; b=YAXn9HsTkovXmGhkkooN7NvOoaw1lAgrElIWbZNcEp8Z4GbA2wLGnpTZCvWSOoar9ZOHJN kFLcFiRfb2ZPRQhgLVjylPM6aNtU7KGbL5ZY9ZaxiBi4rDsVEXXyuf7Ka7a9a9WMp2WYik eOVSlH90zvxk9FNe9hdjzJHzYluN7TPfzsh2+KFRkOkvNmAxDtHA7NjlJySFuVGNSv65Mx pEZ93t4t7lpCxyHVffUHHOMJVFQq8AgL8BgZ4ApuQuMxu5o+GLo34sUn6p1Zv876gv4ACh 0eOc6CIKgvrUv9qNog+STuiZRriA5Lkc9lGFpPiP9DVJq/gBHOlCS5eETpFtKw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1641553706; a=rsa-sha256; cv=none; b=mr7wd9uMANKYZhCd/bdi8PT3XFc/smuiVeic8yMh0fPjMuuUL3K7SN6FrQXF8VnJfezvBa h1xQdXRQC51UOHk3MorfF3MwwcLgqxs60bK3W6OtdqSWoEbKpH3sdt6Q0ASM9FUEYuTaey CKl47G+92gvE/eHmZvU6xw8lNYyV2NEoBuEuGivN9f4M/E7fUjREkVn3Q145GjHJp7Pn0G gOI6aGL7E+WSZOLxr0IploJEAL8a5BJ8HbSNOlKQm4RQacDHCBQlWTxNrnLoVK4/jHmeN0 5OV5XSZUhhZk1EpOgTMYV7d2ExFKYf/B/1YbNB2se4SoCtINUAhG+eTbvwmjsA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.50 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: ECDA2AAE3 X-Spam-Score: -2.50 X-Migadu-Scanner: scn0.migadu.com X-TUID: /S1mU21xhpa6 On 07/01/2022 01:34, Robert Goldman wrote: > > The old entry referred to the variable =org-link-mailto-program= which > was removed from org-mode almost eight years ago!  See org-mode commit > b9f2e17f07faf01109fc6f7f1eb5a34e0f97eafb Unfortunately FAQ has a lot of obsolete recipes. Generally it is great when answers are updated with contemporary info. I have a couple of questions concerning your patch though. > diff --git a/org-faq.org b/org-faq.org > >  The default function called is =browse-url=, which opens a mail >  composition buffer within Emacs. The type of buffer opened by > -browse-url depends on the setting of the variable =mail-user-agent=. > +=browse-url= depends on the setting of the variable =mail-user-agent=. [[info:emacs#Browse-URL][info "(emacs) Browse-URL"]] link to the Emacs manual might be used. I am unsure however if it is really necessary. > +You can also change the function used to a different one.  For > +example, the following function (on MacOS) opens =mailto:= links in > +the =MailMate= program: > + > +#+begin_src elisp > +("mailto" :follow ^ It seems, `org-link-set-parameters' is missed. I am not an experienced emacs user, so my question may be naive. There is `browse-url-mailto-function' since Emacs-24.1 that should be called by `browse-url'. Is there a reason to avoid its customization instead? > +      (lambda > +        (path) > +        (shell-command > +         (format "open -a MailMate 'mailto:%s'" path)))) > +#+end_src Shell commands require a lot of care otherwise they become an open door to security vulnerabilities. I am a linux user and I have tried a dialog application instead of real mailer for a test: ---- >8 ---- #+begin_src elisp :results silent (org-link-set-parameters "mailto" :follow (lambda (path) (shell-command (format "zenity --info --no-markup --title 'org mailto: test' --text 'mailto:%s'" path)))) #+end_src [[mailto:Hacker '`mktemp mailto-vulnerability.XXXXXX`' ]] ---- 8< ----- Following the link (C-c C-o) caused creation of a file in the current directory. Arguments to shell should be at least passed through `shell-quote-argument'. A better way is to use more verbose function that accepts arguments as a list and directly executes the binary without interpreting anything by shell. Another problem that the command above blocked emacs session. I do not know a reliable way to launch a detached process from emacs. When someone adds a code that should perform such task, it usually suffers from a decade-old bug https://lists.gnu.org/archive/html/emacs-devel/2009-07/msg00279.html Current code in `mailcup-view-mime' and in `org-open-file' suffers from at least three other problems: I do not know anything about first one besides that it is somehow related to compatibility, another one assumed to be rather rare, third one is that the process have to be killed on exiting from emacs. So, I hope, `make-process' is better than `shell-command', but a specific application might make emacs CPU hungry. A recipe having security issues, in my opinion, is worse than no example at all.