From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id D4DEE6DE01EA for ; Fri, 27 Oct 2017 06:04:12 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.032 X-Spam-Level: X-Spam-Status: No, score=-0.032 tagged_above=-999 required=5 tests=[AWL=-0.032] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Srgy64xkLuXY for ; Fri, 27 Oct 2017 06:04:11 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTP id 7FD326DE00C6 for ; Fri, 27 Oct 2017 06:04:11 -0700 (PDT) Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id D7AEAF99A; Fri, 27 Oct 2017 09:04:07 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id 233F42085B; Fri, 27 Oct 2017 02:05:06 -0400 (EDT) From: Daniel Kahn Gillmor To: Brian Sniffen , Vladimir Panteleev , Jani Nikula , Matthew Lear , notmuch@notmuchmail.org Subject: Re: web interface to notmuch In-Reply-To: <87she5nsmy.fsf@istari.evenmere.org> References: <87tvyvp4f2.fsf@istari.evenmere.org> <87376f13ho.fsf@fifthhorseman.net> <87r2tww9tr.fsf@nikula.org> <87wp3ow39i.fsf@fifthhorseman.net> <27e53def-32b4-45ab-1192-77cc0e837a93@gmail.com> <87zi8eopgq.fsf@istari.evenmere.org> <877evhy53k.fsf@fifthhorseman.net> <87she5nsmy.fsf@istari.evenmere.org> Date: Fri, 27 Oct 2017 02:05:02 -0400 Message-ID: <87inf1gm7l.fsf@fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Oct 2017 13:04:13 -0000 --=-=-= Content-Type: text/plain On Fri 2017-10-27 00:04:21 -0400, Brian Sniffen wrote: > With bleach integrated (all of five lines), I think this is safe enough > to let random notmuch users run it. hm, bleach might be a little too aggressive. jrollins just pointed toward: https://nmweb.evenmere.org/show/87innmvvam.fsf%40ligo.caltech.edu which i'm pretty sure had actual content initially (id:87innmvvam.fsf@ligo.caltech.edu) but it starts with stdin redirection (using a left angle bracket) and then the rest of the message is gone :/ --dkg --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOCdgUepHf6PklTkyFJitxsGSMjcFAlnyzI4ACgkQFJitxsGS Mjd39Q//cdriyOI55d3Lo+uOadJ12MRIG3ScjUdIusmIi6s9KKL8Az2ElJ03260T CEqpiVv1sIEP/oqS7uQtsYxNyl4SZhzAHxhVHQ3hOxSJi/2cRIrjrDLDxPjxtErR Iz2qbYYSzd1d6DzziBMUm+tSgCrYo6twtzUVrBtX8Sl4zOi9Ghn6uRQ8VPF4o8lQ XYI36eA7B9TkwhCR0hY3psxvDFBa7vycAQViho1rx1TlJqf7jowCRqfk+QDVGc3f Cqh0u5v35ln5Wn1MneCr5dn3sLvokk3BuukRWdpjAKqFW99Ga6faF+lg2+927oZ+ n/FAoNUv9/57p5hNp0CX92z+fzEoB3mgKnP+YogNytIj63Ry6yaM4oHBr+QPiWHS z4xAhiWiz9nx3eMegCSC4abHvLqqBqg6TZjCOrJ0uiRPqYT/oL5ZNBn4n2CoGWVj 5e2j3tM1Z6FFC022GmFs6V9a23uqyy7FT7SdxYdcQz8a4Hfo9Wb9DYgKLhpCaL3A 669tSMSd7M0dBR0ikj68mSYPWzijp5l8u0XPNG3Q1t2pSwu2xfmxBye6nlNW+euN vz+kvzfRXrs3SZR9peyL8NcDLgVlMy3ljvCKUPqk+CBZhWwvcJCIv2+w8qG4zx8r W1T+ZAE6s6yXbGT9oNC9kWov40UhZBA/wRy9Q3jBGHJfcvnJ+xg= =346V -----END PGP SIGNATURE----- --=-=-=--