From: Daniel Kahn Gillmor
To: Brian Sniffen, Matthew Lear, notmuch@notmuchmail.org
Subject: Re: web interface to notmuch
In-Reply-To: <87tvyvp4f2.fsf@istari.evenmere.org>
References: <87tvyvp4f2.fsf@istari.evenmere.org>
Date: Thu, 19 Oct 2017 12:55:47 -0400
Message-ID: <87376f13ho.fsf@fifthhorseman.net>

On Thu 2017-10-19 11:01:53 -0400, Brian Sniffen wrote:
> I put together something like this, visible at
> https://github.com/briansniffen/notmuch/tree/nmweb/contrib/notmuch-web
>
> It's not much of a service. I am pretty sure it is exploitable---that
> content in text/html parts of messages can do Bad Things to your
> session.

I think this is the crux of the problem, right?

I was noticing the other day that notmuch's own mail archives are
published in pipermail, which is *absolutely terrible* compared to
dealing with a mailstore with notmuch as a frontend. I'd love to be
able to expose the archive to the public this way.

Assuming that you had a sanitize_this_html_part() function available to
you, do you think it would be possible to make this safe?

Have you considered proposing it for inclusion in contrib upstream?

--dkg
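
The message above assumes a sanitize_this_html_part() function. One shape it could take is sketched here as an added example; it is not code from the thread or from notmuch-web. The tag and scheme allowlists and the helper names are assumptions: the part is parsed, and only allowlisted markup is re-emitted, with all text and attribute values re-escaped.

```python
import html
from html.parser import HTMLParser

# Allowlists are this example's assumptions; the thread does not specify any.
ALLOWED_TAGS = {"a", "b", "blockquote", "br", "code", "em", "i", "li",
                "ol", "p", "pre", "strong", "ul"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}

def _safe_url(value):
    # Browsers ignore whitespace and control characters inside a scheme, so
    # strip them first; relative or scheme-less URLs are rejected as well.
    cleaned = "".join(ch for ch in (value or "") if ch > " ")
    scheme, sep, _ = cleaned.partition(":")
    return cleaned if sep and scheme.lower() in ALLOWED_SCHEMES else None

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return  # tag dropped; text outside script/style is still emitted, escaped
        kept = ""
        for name, value in attrs:  # only <a href> survives; on*, style, src go
            url = _safe_url(value) if (tag, name) == ("a", "href") else None
            if url:
                kept += f' href="{html.escape(url, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))

def sanitize_this_html_part(part_html):
    """Rebuild the part from parsed tokens, emitting only allowlisted markup."""
    parser = _Sanitizer()
    parser.feed(part_html)
    parser.close()
    return "".join(parser.out)
```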