From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.bugs,gmane.emacs.orgmode Subject: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Date: Thu, 27 Oct 2022 21:25:49 +0300 Message-ID: References: <86bkq0qf8p.fsf@protected.rcdrun.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="25790"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.2.7+37 (a90f69b) (2022-09-02) Cc: 58774@debbugs.gnu.org, Org Mode List To: Max Nikulin Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Thu Oct 27 21:25:57 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oo8Vo-0005lT-AA for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 27 Oct 2022 21:25:56 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oo8Qa-0003ZO-Fu; Thu, 27 Oct 2022 15:20:32 -0400 Original-Received: from eggs.gnu.org ([209.51.188.92]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oo8Q7-0003P5-TW for bug-gnu-emacs@gnu.org; Thu, 27 Oct 2022 15:20:11 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oo8Q6-0001gi-S5 for bug-gnu-emacs@gnu.org; Thu, 27 Oct 2022 15:20:03 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oo8Q6-0006Ss-LJ for bug-gnu-emacs@gnu.org; Thu, 27 Oct 2022 15:20:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Jean Louis Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 27 Oct 2022 19:20:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 58774 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: wontfix Original-Received: via spool by 58774-submit@debbugs.gnu.org id=B58774.166689834424755 (code B ref 58774); Thu, 27 Oct 2022 19:20:02 +0000 Original-Received: (at 58774) by debbugs.gnu.org; 27 Oct 2022 19:19:04 +0000 Original-Received: from localhost ([127.0.0.1]:59386 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oo8P9-0006RC-Ca for submit@debbugs.gnu.org; Thu, 27 Oct 2022 15:19:03 -0400 Original-Received: from stw1.rcdrun.com ([217.170.207.13]:38105) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oo8P7-0006Po-Sg for 58774@debbugs.gnu.org; Thu, 27 Oct 2022 15:19:02 -0400 Original-Received: from localhost ([::ffff:102.85.119.94]) (AUTH: PLAIN admin, TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 0000000000081FC2.00000000635AD9A6.000042E4; Thu, 27 Oct 2022 12:19:01 -0700 Mail-Followup-To: Max Nikulin , 58774@debbugs.gnu.org, Org Mode List Content-Disposition: inline In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: "bug-gnu-emacs" Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:246355 gmane.emacs.orgmode:149998 Archived-At: * Max Nikulin [2022-10-27 18:41]: > Chromium is able to display text/x-org internally just as text/plain and I > like it as a way to preview and review file contents. Org file is for Emacs. It is not for Chromium. Just as you can display application/json in Chromium as text, does not make application/json less "application/*" MIME type. Displaying Org in Chromium is useless, as I cannot use Org features, Chromium is not for that, and it's not suitable example. Suitable example is that Chromium may be configured to open Org file correctly with Emacs and as you have mentioned, there will be executions. > I have not managed to configure Firefox to achieve the same behavior > that allows to avoid an external application (certainly not Emacs at > first). I wonder on which mailing list I am. Of course I want Org file be opened by Emacs. I am user of Org files and Emacs. I am not vim user (unless Emacs flunks). > > We can't just speak of safety alone when we are in general > > computing environment, we must also speak of usefulness. > > I do not mind to have org-view-mode that saves me from execution some code > unintentionally. Since most of the code was written without having in mind > such feature, I expect a lot of iterations before all possibilities to run > code will be plumbed. I suspect that it is possible to ruin whole protection > by a small piece of elisp code. I am unaware of sandboxing in Emacs. I > expect that making Org mode safe enough will require a lot of efforts by > developers. Exactly. > Your are pushing Org to rather hostile environment: highly automated > attacks to distribute exploits, market of breached computers > listening for remote commands. Tittle-tattle. 😵‍💫 But America has been already discovered. Remember, any type of application, software, is already for billions of times delivered by Internet and executed on user's devices. Flatpak, APK, EXE files, Java, shell files, hoooooo, too long list. And where we are now? In Emacs world, where packages are distributed from all kinds of sources and executed on users's computers. "Pushing Org" to rather hostile environment is exaggeration. > A running cryptominer would be rather innocent consequence, through > the same backdoor you may receive an encryptor or various stuff > searching for credentials and access tokens in your files. Of course I understand that. Do you wish to say that users should not have the freedom to customize web browser to click on Org file and open it with Emacs? Are we not on Emacs related mailing list? If I am pushing Org into hostile environment, than you are implying that we as Org users are hostile environemnt. Are we really? > Emacs is protected mostly by its low popularity. A lot of efforts > have been invested in browser making attacks more expensive, but > still attractive due to possible benefits. I do not like to increase > surface for attacks. Someone may create a plugin targeting Emacs > users just because it would be easy enough. And? > Consider converting Org files to HTML as an unpleasant tax for the > sake of safety. Personally, definitely not. Such files do not give me freedom to work with my Org data. It is way of presenting things, not handling it. > > All I want is to access my personal read-only Org files by using WWW > > and browse from one to the other by using links. > > How are you going to distinguish your personal files and arbitrary files > from non-trusted sources? By signing your files and maintaining list of > trusted certificates? 🤣 Am I Joe Biden or other gaga that I do not know what are my files? > For personal notes I would expect e.g. private instance of nextcloud > file share (that is internally HTTP server), not accessing files > directly through HTTP. HTTP is transfer protocol, not my mamma to tell me what I am going to transfer in my room. Nextcloud is application that runs on computer and is served by web server. It allows file share to public as well. I understand your point of protecting private files on web server. That shall be natural to every person hosting such files. Nextcloud is bloated way to do such hosting. Simplest way to protect files is to upload files and use web server authentication. And web server does not mean that files are distributed on public WWW. We use here ethernet, and we share files from device to device by using HTTP server. You can't access those files, they are beyond public IP address space. I need help to make it work right, can you help? I load this: (defvar eww-content-type nil) (put 'eww-content-type 'permanent-local t) then I put this below in `eww-render' after (let ;;; (setq eww-content-type content-type) Then I use this: (defun rcd-eww-content-type () (cond ((string-match-p "text/x-org" (car eww-content-type)) (org-mode)) (t WHAT-HERE?))) (add-hook 'eww-after-render-hook 'rcd-eww-content-type) But I am doing it wrong, that will correctly invoke org mode, but then it does not return back to normal EWW work. I have tried to remember the major mode and invoke it again. But it is not that it works. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/