Re: [PATCH v2] Add resolve-relative-reference in (web uri), as in RFC 3986 5.2.

2023-10-03 Thread Maxime Devos
Op 02-10-2023 om 18:32 schreef Vivien Kraus: Hi! Are there other things to fix? You forgot to include the warning of potential security issues in the documentation -- I don't mean that Guile should fix the issues (it can't), but rather that its documentation should inform the user that th

Re: [PATCH v2] Add resolve-relative-reference in (web uri), as in RFC 3986 5.2.

2023-10-03 Thread Dale Mellor
On Tue, 2023-10-03 at 20:49 +0200, Maxime Devos wrote: > > subtle spelling error: subtleties -> subtleties That's pretty subtle!

Re: [PATCH v4 4/4] load: Display modules depth in output when using %load-verbosely.

2023-10-03 Thread Maxime Devos
Op 02-10-2023 om 18:13 schreef Maxim Cournoyer: Something I didn't notice previously: Op 25-09-2023 om 16:29 schreef Maxim Cournoyer: + if (scm_is_string (args)) { + /* C code written for 3.9 and earlier expects this function to + take a single argument (the file name). */ +

Re: [PATCH v2] Add resolve-relative-reference in (web uri), as in RFC 3986 5.2.

2023-10-03 Thread Maxime Devos
Op 03-10-2023 om 20:56 schreef Dale Mellor: On Tue, 2023-10-03 at 20:49 +0200, Maxime Devos wrote: subtle spelling error: subtleties -> subtleties That's pretty subtle! Oops, I corrected the spelling error too early: subtelties -> subtleties OpenPGP_0x49E3EE22191725EE.asc Descript

Re: [PATCH] Add resolve-relative-reference in (web uri), as in RFC 3986 5.2.

2023-10-03 Thread Vivien Kraus
Hello! Le lundi 25 septembre 2023 à 22:46 +0200, Maxime Devos a écrit : > However, there are also some dangers on doing this > thing -- the ‘external’ page https://example.com/data.json could > redirect to > http://localhost/unsecured-secret-but-its-localhost-only-so-it-is-safe > . Since you w

Re: [PATCH] Add resolve-relative-reference in (web uri), as in RFC 3986 5.2.

2023-10-03 Thread Maxime Devos
Op 03-10-2023 om 22:03 schreef Vivien Kraus: Hello! Le lundi 25 septembre 2023 à 22:46 +0200, Maxime Devos a écrit : However, there are also some dangers on doing this thing -- the ‘external’ pagehttps://example.com/data.json  could redirect to http://localhost/unsecured-secret-but-its-localho

Re: [PATCH] Add resolve-relative-reference in (web uri), as in RFC 3986 5.2.

2023-10-03 Thread Maxime Devos
    The best prevention is not allowing redirects at all or only     allowing redirections that keep the hostname intact -- while an     option for much software, it isn't an option for web browsers. Partially scratch that -- restricting to ‘keeping hostname intact’ is insufficient, becaus

Re: [PATCH v4 4/4] load: Display modules depth in output when using %load-verbosely.

2023-10-03 Thread Maxim Cournoyer
Hello! Maxime Devos writes: > Op 02-10-2023 om 18:13 schreef Maxim Cournoyer: >>> Something I didn't notice previously: >>> >>> Op 25-09-2023 om 16:29 schreef Maxim Cournoyer: + if (scm_is_string (args)) { + /* C code written for 3.9 and earlier expects this function to +

Re: [PATCH] Add resolve-relative-reference in (web uri), as in RFC 3986 5.2.

2023-10-03 Thread Vivien Kraus
Le mercredi 04 octobre 2023 à 00:30 +0200, Maxime Devos a écrit : > > >       The best prevention is not allowing redirects at all or only > >       allowing redirections that keep the hostname intact -- while > > an > >       option for much software, it isn't an option for web > > browsers. > >