GNU bug report logs - #21650
24.5; mh-e keeps trying to open urls

Previous Next

Full log

Message #24 received at 21650 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: "Simon J. Gerraty" <sjg <at> juniper.net>
Cc: 21650 <at> debbugs.gnu.org, sjg <at> juniper.net
Subject: Re: bug#21650: 24.5; mh-e keeps trying to open urls
Date: Fri, 09 Oct 2015 10:11:54 +0300

> CC: <21650 <at> debbugs.gnu.org>, <sjg <at> juniper.net>
> From: "Simon J. Gerraty" <sjg <at> juniper.net>
> Date: Thu, 8 Oct 2015 13:19:18 -0700
> 
> Eli Zaretskii <eliz <at> gnu.org> wrote:
> > > How do I tell Emacs that under absolutely no circumstances do I want it
> > > to do this?
> > 
> > What exactly is that "this" that you don't want Emacs to do?  
> 
> Sorry, I was refering to the opening of urls (tls or otherwise)
> especially before I've had a chance to even see what they are.
> 
> That's a serious attack vector and why I would never choose an html
> enabled mail reader.
> 
> Unfortunately my mail reader of choice (for the last 20 years or so;-)
> seems to have morphed into one.
> I'm hoping that that can be turned off.
> 
> > It's
> > hard to help without understanding which part of what you described is
> > the problem.  (Maybe it's because I don't use MH-E; but TLS
> > connections are in Emacs core, not in MH-E, which just uses it.)
> 
> Sorry, mh-e may be a red-herring.
> I want to prevent Emacs from opening http[s] urls - at the very least
> while scanning mail that I've not even been able to read yet.

OK, it's clear now, even to me, thanks ;-)

You've got several suggestions for how to present additional
information about what triggers the URL access.  I think that
information will allow us to help you disable this.

In generally, I'd expect to see some option in MH-E to disable this.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.