From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Vivien Kraus Newsgroups: gmane.lisp.guile.devel Subject: Re: [PATCH] Add resolve-relative-reference in (web uri), as in RFC 3986 5.2. Date: Tue, 03 Oct 2023 22:03:35 +0200 Message-ID: <211acc43219fff254c00d4d75b9907dac8bbbec4.camel@planete-kraus.eu> References: <61e17faa8546f6ff79e9bbe1f25f0bf687d3dce1.1695667513.git.vivien@planete-kraus.eu> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="3624"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Evolution 3.46.4 To: Maxime Devos , guile-devel@gnu.org Original-X-From: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Tue Oct 03 22:04:14 2023 Return-path: Envelope-to: guile-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1qnlcr-0000Y0-UG for guile-devel@m.gmane-mx.org; Tue, 03 Oct 2023 22:04:13 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qnlcP-0000EX-Vx; Tue, 03 Oct 2023 16:03:46 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qnlcO-0000EM-9g for guile-devel@gnu.org; Tue, 03 Oct 2023 16:03:44 -0400 Original-Received: from planete-kraus.eu ([89.234.140.182]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1qnlcM-0004BL-7Y for guile-devel@gnu.org; Tue, 03 Oct 2023 16:03:43 -0400 Original-Received: from planete-kraus.eu (localhost.lan [127.0.0.1]) by planete-kraus.eu (OpenSMTPD) with ESMTP id 03fa3d4d; Tue, 3 Oct 2023 20:03:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=planete-kraus.eu; h= message-id:subject:from:to:date:in-reply-to:references :content-type:content-transfer-encoding:mime-version; s= albinoniB; bh=zCxCZxOv8fN4Cm6EpQSv7v9LVsg=; b=0UDVFs49zP4dcPWt5Y uBZMdnoW79y+yOvurpHhUBuSRJhAczW8coC3JyTTt5BY4MoCMB3qcTYJ4sReVTP/ 9epRL0cBviC99ZjjZNRigEUHUtJLdjcdKj/jn5FEqhhqVrU921oT6y4kX/NOfs7v RDwsFiPn2nCY5KdS5PkpYQJ2pp9FhzPcJ5jxc0QIIp8TaklfP4+HMU9qYQNn37kY OKHo6IyZUrl2pJouHRrWYIj+LkIAOol0JrlhAwlm49/q9CkCcsDqI+BBiJhdM9+O MdGP7mi/guIyzwQGGPNveaozfhyO69IcXBb8bwFnHU47bE3DcgcT3DEhN+NE+F4p x1UQ== Original-Received: by planete-kraus.eu (OpenSMTPD) with ESMTPSA id fbeea1a4 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Tue, 3 Oct 2023 20:03:37 +0000 (UTC) In-Reply-To: Received-SPF: pass client-ip=89.234.140.182; envelope-from=vivien@planete-kraus.eu; helo=planete-kraus.eu X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Original-Sender: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.lisp.guile.devel:22012 Archived-At: Hello! Le lundi 25 septembre 2023 =C3=A0 22:46 +0200, Maxime Devos a =C3=A9crit=C2= =A0: > However, there are also some dangers on doing this=20 > thing -- the =E2=80=98external=E2=80=99 page https://example.com/data.jso= n=C2=A0could=20 > redirect to=20 > http://localhost/unsecured-secret-but-its-localhost-only-so-it-is-safe > . Since you want to warn users about this problem, I have to first understand why it is a problem at all. Your example literally ends with "so it is safe", and I fail to see why it would be a problem. Could you elaborate? Best regards, Vivien