GNU bug report logs - #65973
[PATCH] ; send filename, not full path, on EWW form submit

Previous Next

Package: emacs;

Reported by: daniel watson <ozzloy <at> challenge-bot.com>

Date: Thu, 14 Sep 2023 07:48:01 UTC

Severity: normal

Tags: patch

Done: Jim Porter <jporterbugs <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #46 received at 65973 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: jporterbugs <at> gmail.com, ozzloy <at> challenge-bot.com, 65973 <at> debbugs.gnu.org,
 ozzloy <at> gmail.com, sebastian <at> sebasmonia.com
Subject: Re: bug#65973: [PATCH] ;
 send filename, not full path, on EWW form submit
Date: Fri, 8 Nov 2024 01:33:36 +0000

Eli Zaretskii <eliz <at> gnu.org> writes:

> The private information can be in the file name you send as well, so
> this is not a convincing argument.

True, but then at least it's obvious to the user that private
information is being sent.  Leaking your username on file upload is not
something that I believe most users would expect.  I didn't, at least.

> But since the RFC says to ignore the leading directories, I think the
> change is okay, provided we describe the rationale in the comments to
> the code.  It is very unusual thing in Emacs to remove leading
> directories from a file name, so doing so generally begs for some
> commentary.

It seems like we agree then, thanks.
This bug report was last modified 193 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.