GNU bug report logs - #58774
29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly

Previous Next

Package: emacs;

Reported by: Jean Louis <bugs <at> gnu.support>

Date: Tue, 25 Oct 2022 12:13:02 UTC

Severity: wishlist

Tags: wontfix

Found in version 29.0.50

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #144 received at 58774 <at> debbugs.gnu.org (full text, mbox):

From: Ihor Radchenko <yantar92 <at> posteo.net>
To: "Dr. Arne Babenhauserheide" <arne_bab <at> web.de>
Cc: 58774 <at> debbugs.gnu.org, Max Nikulin <manikulin <at> gmail.com>,
 emacs-orgmode <at> gnu.org
Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org
 files correctly
Date: Thu, 27 Oct 2022 23:20:08 +0000

"Dr. Arne Babenhauserheide" <arne_bab <at> web.de> writes:

> Max Nikulin <manikulin <at> gmail.com> writes:
>
>> How are you going to distinguish your personal files and arbitrary
>> files from non-trusted sources? By signing your files and maintaining
>> list of trusted certificates?
>
> One idea that could work well is to add an explicit allow-list
> trusted-sources-to-allow-unsafe-modes with entries of domain and
> path-prefix where people can add trusted sources.
>
> If for example my server were draketo.de,ยน I could set this list to
>
> '(("https://www.draketo.de" "/software"))
>
> and when I would then open a link like
>
>   https://www.draketo.de/software/advent-of-wisp-code-2021.org
>
> with eww, it would directly switch to org-mode.
>
>
> If, however, I would open the link
>
>   https://draketo.de.evil.attacks/software/advent-of-wisp-code-2021.org
>
> with eww, it would display it as plain text, because it would not be in
> the list of trusted sources.

I am a bit lost about the aim of this tread, but let me share some
existing remote resource controls we have employed on the latest Org:

(defun org--should-fetch-remote-resource-p (uri)
  "Return non-nil if the URI should be fetched."

(defun org--safe-remote-resource-p (uri)
  "Return non-nil if URI is considered safe.
This checks every pattern in `org-safe-remote-resources', and
returns non-nil if any of them match."

(defun org--confirm-resource-safe (uri)
  "Ask the user if URI should be considered safe, returning non-nil if so."

You can check the implementation at
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/tree/lisp/org.el#n4540

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
This bug report was last modified 1 year and 259 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.