"Dr. Arne Babenhauserheide" writes:
> … and to the topic: this may be something that could be re-used in
> eww.
Yup. Or Emacs could even provide a unified interface to ask security
questions.
> Though I would prefer having a less-intrusive notification than a y-n
> question; maybe just a messag
Ihor Radchenko writes:
> "Dr. Arne Babenhauserheide" writes:
>
>> One idea that could work well is to add an explicit allow-list
>> trusted-sources-to-allow-unsafe-modes with entries of domain and
>> path-prefix where people can add trusted sources.
>>
>> If for example my server were draketo.d
"Dr. Arne Babenhauserheide" writes:
> Max Nikulin writes:
>
>> How are you going to distinguish your personal files and arbitrary
>> files from non-trusted sources? By signing your files and maintaining
>> list of trusted certificates?
>
> One idea that could work well is to add an explicit allo
Jean Louis writes:
> * Dr. Arne Babenhauserheide [2022-10-28 01:11]:
>>
>> Max Nikulin writes:
>>
>> > How are you going to distinguish your personal files and arbitrary
>> > files from non-trusted sources? By signing your files and maintaining
>> > list of trusted certificates?
>>
>> One i
* Dr. Arne Babenhauserheide [2022-10-28 01:11]:
>
> Max Nikulin writes:
>
> > How are you going to distinguish your personal files and arbitrary
> > files from non-trusted sources? By signing your files and maintaining
> > list of trusted certificates?
>
> One idea that could work well is to a
Max Nikulin writes:
> How are you going to distinguish your personal files and arbitrary
> files from non-trusted sources? By signing your files and maintaining
> list of trusted certificates?
One idea that could work well is to add an explicit allow-list
trusted-sources-to-allow-unsafe-modes w
Jean Louis writes:
> * Max Nikulin [2022-10-27 18:40]:
>> On 27/10/2022 11:55, Jean Louis wrote:
>> >
>> > Now is clear that main problem here is that Org advertises somewhere
>> > to be "text" in MIME context, while it is not, it is by default
>> > "application" and thus unsafe, see:
>> ...
>
I think that this would be very useful for me. In fact, it would be a
good way to make Emac work without being a tool for corporations (as
Firefox is) to control user's computers (unless the user decides to
allow running Babel by default). Maybe even Gemini is a good candidate
to work this out.
El 2022-10-27 13:25, Jean Louis escribió:
> But I am doing it wrong, that will correctly invoke org mode, but then
> it does not return back to normal EWW work. I have tried to remember
> the major mode and invoke it again. But it is not that it works.
Isn't that what hooks do? Perhaps I did not
* Max Nikulin [2022-10-27 18:41]:
> Chromium is able to display text/x-org internally just as text/plain and I
> like it as a way to preview and review file contents.
Org file is for Emacs. It is not for Chromium.
Just as you can display application/json in Chromium as text, does not
make applic
* Max Nikulin [2022-10-27 18:40]:
> On 27/10/2022 11:55, Jean Louis wrote:
> >
> > Now is clear that main problem here is that Org advertises somewhere
> > to be "text" in MIME context, while it is not, it is by default
> > "application" and thus unsafe, see:
> ...
> > Text Media Types
> > https:
On 27/10/2022 11:55, Jean Louis wrote:
Now is clear that main problem here is that Org advertises somewhere
to be "text" in MIME context, while it is not, it is by default
"application" and thus unsafe, see:
...
Text Media Types
https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1
I d
Jean Louis writes:
> * Andreas Schwab [2022-10-27 11:03]:
>> On Okt 26 2022, Jean Louis wrote:
>>
>> > With "predicate" do you mean URI scheme?
>>
>> When I write predicate, I mean predicate.
>
> Can that predicate understand content type?
A predicate is a function that returns true or false
On Okt 27 2022, Jean Louis wrote:
> Can that predicate understand content type?
It can use whatever it needs to determine the handler.
--
Andreas Schwab, SUSE Labs, sch...@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely differen
writes:
> [[PGP Signed Part:Good signature from 05C82CF57AD1DA46 tomás zerolo (moep
> moep) (trust undefined) created at
> 2022-10-27T06:25:44+0200 using DSA]]
> On Wed, Oct 26, 2022 at 11:16:15PM +0200, Dr. Arne Babenhauserheide wrote:
>
> [...]
>
>> > That is not business of web server, HTT
Tim Cross writes:
> and people constantly use M-x package-install to install packages
> from GNU ELPA, nonGNU ELPA and MELPA, often with this misguided belief
> that these packages are being vetted by the security fairies.
Yes, and no. There is still a world of a difference between "any random
* Andreas Schwab [2022-10-27 11:03]:
> On Okt 26 2022, Jean Louis wrote:
>
> > With "predicate" do you mean URI scheme?
>
> When I write predicate, I mean predicate.
Can that predicate understand content type?
Do you have an example?
--
Jean
Take action in Free Software Foundation campaigns:
On Okt 26 2022, Jean Louis wrote:
> With "predicate" do you mean URI scheme?
When I write predicate, I mean predicate.
--
Andreas Schwab, SUSE Labs, sch...@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
On Wed, Oct 26, 2022 at 11:16:15PM +0200, Dr. Arne Babenhauserheide wrote:
[...]
> > That is not business of web server, HTTP or browser. Those are
> > delivery, retrieval and presentation tools
>
> Yet there is so such separation between eww and org-mode.
I think this was a
"Dr. Arne Babenhauserheide" writes:
> [[PGP Signed Part:Undecided]]
>
> Ihor Radchenko writes:
>
>> If necessary, we can introduce a special variable in Org mode that will
>> disable all the potential third-party code evaluation, even if user has
>> customized Org to execute code without promp
On 26-10-2022 20:37, Jean Louis wrote:
I do not have special opinion of "publishing Org files" for unknown
people, if such people are not member of the group. That would require
training them to know what is Org mode, and finally why? Emacs is poor
general browser tool.
Greatest benefit of Org
Stefan Kangas writes:
> Ihor Radchenko writes:
>
>> The "problem" with shell links you are describing is a question of
>> setting variables and is also disabled by default.
>>
>> eww-mode, when loading Org page, could simply set
>> org-link-shell-confirm-function to its default value.
>
> Note
Jean Louis writes:
> Browser like EWW, being able to accept content types, should give to
> user the option to decide if to open PDF file by integrated PDF viewer
> or any external PDF viewer, or to download the file, or to open the
> file by user's customized function, mode or program.
I’m not
On 26-10-2022 10:24, Jean Louis wrote:
* Ihor Radchenko [2022-10-26 09:52]:
Strictly speaking, even eww-mode may run arbitrary code given that
user
puts something into eww-mode-hook.
eww-mode-hook is a variable defined in ‘eww.el’.
Its value is (org-eww-extend-eww-keymap)
Please help me re
* Max Nikulin [2022-10-26 20:10]:
> If you were just requested mapping of Content-Type to some mode in
> eww, perhaps it would pass.
That is exactly what I need, thanks
> You demanded Org mode configured by default.
Hmm, that could be some misunderstanding. I have .mailcap file and I
know I can
* Andreas Schwab [2022-10-26 16:58]:
> On Okt 26 2022, Jean Louis wrote:
>
> > * Andreas Schwab [2022-10-26 15:48]:
> >> On Okt 26 2022, Jean Louis wrote:
> >>
> >> > If there is way to extend EWW and Emacs in such way that I can tell
> >> > EWW what to do on certain content type, just as I do
On 26/10/2022 15:21, Jean Louis wrote:
(defun browse-safe-url (url &optional arg)
"Browse URL with b"
(let ((username "joedoe")) ;; different username than my own
;; Insecurity settings for personal DISPLAY only
(shell-command "xhost +")
;; Browse URL
On Okt 26 2022, Jean Louis wrote:
> * Andreas Schwab [2022-10-26 15:48]:
>> On Okt 26 2022, Jean Louis wrote:
>>
>> > If there is way to extend EWW and Emacs in such way that I can tell
>> > EWW what to do on certain content type, just as I do with other
>> > browsers, that would solve the probl
* Rudolf Adamkovič via "Bug reports for GNU Emacs, the Swiss army knife of text
editors [2022-10-26 16:10]:
> So, I evaluated
>
> (add-to-list 'mailcap-mime-data
>(list "org"
> (cons 'viewer 'org-mode)
> (cons 'type "text/x-org")))
>
> but it
* Andreas Schwab [2022-10-26 15:48]:
> On Okt 26 2022, Jean Louis wrote:
>
> > If there is way to extend EWW and Emacs in such way that I can tell
> > EWW what to do on certain content type, just as I do with other
> > browsers, that would solve the problem.
>
> This is what browse-url-handlers
Ihor Radchenko writes:
>> Note that with the suggested feature, any link you follow risks being
>> loaded in Org mode, before the user even has a chance to inspect the
>> file. Which Org features, currently existing or introduced in the
>> future, would EWW have to add workarounds for?
>
> That'
Ihor Radchenko writes:
> If necessary, we can introduce a special variable in Org mode that will
> disable all the potential third-party code evaluation, even if user has
> customized Org to execute code without prompt.
If that would be part of org-mode, this would be close to a
safe-org-mode.
* Ihor Radchenko [2022-10-26 09:52]:
> Strictly speaking, even eww-mode may run arbitrary code given that user
> puts something into eww-mode-hook.
eww-mode-hook is a variable defined in ‘eww.el’.
Its value is (org-eww-extend-eww-keymap)
Please help me recognize content type by using eww-mode-h
* Stefan Kangas [2022-10-26 09:08]:
> Ihor Radchenko writes:
>
> > The "problem" with shell links you are describing is a question of
> > setting variables and is also disabled by default.
> >
> > eww-mode, when loading Org page, could simply set
> > org-link-shell-confirm-function to its defaul
Stefan Kangas writes:
> Ihor Radchenko writes:
>
>> The "problem" with shell links you are describing is a question of
>> setting variables and is also disabled by default.
>>
>> eww-mode, when loading Org page, could simply set
>> org-link-shell-confirm-function to its default value.
>
> Note t
Ihor Radchenko writes:
> The "problem" with shell links you are describing is a question of
> setting variables and is also disabled by default.
>
> eww-mode, when loading Org page, could simply set
> org-link-shell-confirm-function to its default value.
Note that with the suggested feature, any
36 matches
Mail list logo
