From: Stefan Monnier
Newsgroups: gmane.emacs.devel
Subject: Re: [RFC] MIME attachments for comint
Date: Tue, 28 Sep 2021 15:26:17 -0400
To: Augusto Stoffel
Cc: emacs-devel@gnu.org
In-Reply-To: <87wnn0lm7k.fsf@gmail.com> (Augusto Stoffel's message of "Tue, 28 Sep 2021 18:05:35 +0200")

Augusto Stoffel [2021-09-28 18:05:35] wrote:
> On Mon, 27 Sep 2021 at 16:37, Stefan Monnier wrote:
>> Sounds like a cute package, thanks.
>>> Here are some more assorted observations:
>> Anything to say about security implications/measures?
> Good question, I didn't think about this.

I think such a feature needs to be quite careful and proactively
defensive about that.

> I guess it's safe to feed `create-image', `svg-image' and shr with any
> kind of evil data, no?

What could go wrong, right?
I recommend you place strong restrictions on the formats supported so as
to stay within bounds which you positively know are safe (e.g. no worse
than what happens already with SHR rendering when viewing HTML email).


        Stefan
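
One way to apply the format restriction recommended above, as an added example that is not part of the thread and not code from the package under discussion. The `my-mime-*` names and the choice of which formats go on the allowlist are assumptions of the example.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example.  The my-mime-* names are hypothetical, not the package's own.
(require 'image)

(defconst my-mime-image-allowlist
  '(("image/png" . png)
    ("image/jpeg" . jpeg))
  "Declared MIME type -> Emacs image type.
Which formats belong here is an assumption of this example; anything
not listed (SVG and HTML included) is never handed to a renderer.")

(defun my-mime-safe-image (mime-type data)
  "Return an image for DATA declared as MIME-TYPE, or nil to refuse it.
DATA is the decoded attachment as a unibyte string."
  (let ((type (cdr (assoc (downcase mime-type) my-mime-image-allowlist))))
    (and type                                   ; declared type is allowlisted
         (stringp data)
         (not (multibyte-string-p data))        ; raw bytes only
         (eq (image-type-from-data data) type)  ; header agrees with the label
         (image-type-available-p type)          ; this Emacs can decode it
         ;; Pass TYPE explicitly so `create-image' does not choose a
         ;; decoder by sniffing untrusted data.
         (create-image data type t))))

(defun my-mime-insert (mime-type data)
  "Insert DATA at point as an image, or a text placeholder when refused."
  (let ((image (and (stringp mime-type)
                    (my-mime-safe-image mime-type data))))
    (if image
        (insert-image image)
      (insert (format "[attachment refused: %S, %d bytes]"
                      mime-type (length data))))))
```

A declared type that carries parameters, or one whose payload header does not match the label, falls through to the placeholder rather than to a renderer.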