From: Daniel Kahn Gillmor
To: Brian Sniffen
Cc: Matthew Lear, notmuch@notmuchmail.org
Subject: Re: web interface to notmuch
References: <87tvyvp4f2.fsf@istari.evenmere.org> <87376f13ho.fsf@fifthhorseman.net>
Date: Thu, 19 Oct 2017 16:13:38 -0400
Message-ID: <87infazyj1.fsf@fifthhorseman.net>
List-Id: "Use and development of the notmuch mail system."

On Thu 2017-10-19 16:00:33 -0400, Brian Sniffen wrote:
> I don't think they can be sanitized. Web tech moves so fast.
Well, there are at least a handful of python modules that claim to do some sort of sanitization. In Debian alone, we have at least:

  python3-django-html-sanitizer
  python3-feedparser
  python3-bleach
  python3-w3lib

So, one approach would be to just adopt one of them, and then it's their fault if it breaks :)

I'm not saying it's a great approach, but it seems better than the current situation where no sanitization is done at all.

> But maybe they can be isolated. GMail uses a separate domain for the
> content from the UI; I have hopes about response headers and iframe
> attributes.

That's an interesting approach too, though it doesn't isolate message A from message B, which is a distinct concern. The worry isn't just that the content could take over the UI, right?

Maybe isolation and sanitization can be used in combination? Even if neither of them is perfect, it'd be a damn sight better than pipermail :P

> Also, if the whole site's static—not just the nmweb part—you probably
> can't hurt much.

Depends on what kind of harm you're talking about -- I think the privacy harms are potentially pretty serious. The public library is static, but if reading one book meant that you ended up reporting on your future reading habits (of any book) to some unknown third party, that would be pretty bad.
--dkg
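The two layers the thread discusses, allowlist sanitization of the message HTML and origin isolation of the rendered body, as an added Python example that is not part of the original message or of nmweb. It uses only the standard library rather than the Debian modules listed above; the sample message, the hostnames (archive.example, msgs.example, tracker.example), the tag allowlist and the CSP are constructed for illustration. Remote `<img src>` is dropped precisely because of the privacy harm dkg describes: a remote image fetched on open reports the reader's activity to whoever runs that host, whereas a remote `<a href>` only fetches when clicked and is kept.

```python
"""Allowlist HTML sanitizer plus isolation headers for a static mail archive.
Example code, not nmweb's; allowlist, CSP and sample data are assumptions."""
from html.parser import HTMLParser
from html import escape
from urllib.parse import urlsplit

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a", "ul", "ol", "li",
                "blockquote", "pre", "code", "h1", "h2", "h3", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
SAFE_SCHEMES = {"http", "https", "mailto"}   # javascript:, data:, vbscript: are dropped
DROP_CONTENT = {"script", "style", "iframe", "object", "embed", "noscript"}  # tag AND body go
VOID_TAGS = {"br", "img"}


class Sanitizer(HTMLParser):
    def __init__(self, block_remote=True):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.block_remote = block_remote
        self.skip_depth = 0  # > 0 while inside a DROP_CONTENT element

    @staticmethod
    def _safe_url(value, allow_remote):
        parts = urlsplit(value.strip())
        if parts.scheme and parts.scheme.lower() not in SAFE_SCHEMES:
            return None
        if parts.netloc and not allow_remote:
            return None
        return value

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag: keep its text, drop the tag
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops every on* handler, style=, class=, ...
            if name in ("href", "src"):
                # a remote <img src> is a tracking beacon fetched on open;
                # a remote <a href> only fetches on click, so links may stay
                allow_remote = name == "href" or not self.block_remote
                value = self._safe_url(value or "", allow_remote)
                if value is None:
                    continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        if tag == "a":
            kept.append(' rel="noopener noreferrer"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/>, <img/>: no end tag emitted

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # re-escape decoded text


def sanitize(html):
    s = Sanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out)


def message_response_headers(ui_origin):
    """Headers for the separate-origin URL that serves a sanitized body (assumed
    policy): no scripts at all, only same-origin images/styles, no form posts,
    and only the archive UI may frame it."""
    return {
        "Content-Security-Policy": (
            "default-src 'none'; img-src 'self'; style-src 'self'; "
            f"form-action 'none'; base-uri 'none'; frame-ancestors {ui_origin}"),
        "Referrer-Policy": "no-referrer",
        "X-Content-Type-Options": "nosniff",
    }


def embed_message(message_url):
    """iframe the UI page uses to show a body served from the other origin;
    an empty sandbox (no allow-scripts, no allow-same-origin) keeps it from
    scripting or reading the UI's cookies."""
    return (f'<iframe src="{escape(message_url, quote=True)}" '
            'sandbox="" referrerpolicy="no-referrer"></iframe>')


# constructed sample message: handler attribute, script, tracking pixel, javascript: link
SAMPLE = ('<p onclick="steal()">Hi <b>there</b></p>'
          '<script>alert(1)</script>'
          '<img src="https://tracker.example/pixel.gif?id=42" alt="">'
          '<a href="javascript:alert(1)">click</a>'
          '<a href="https://notmuchmail.org/">notmuch</a>')

if __name__ == "__main__":
    print(sanitize(SAMPLE))
    print(message_response_headers("https://archive.example"))
    print(embed_message("https://msgs.example/m/1"))
```

Sanitization and isolation are independent: if a new tag or attribute slips past the allowlist, the CSP and the sandboxed iframe still stop it from running script, loading remote resources or reaching the UI origin; if the headers are ever misconfigured, the allowlist still strips the obvious beacons. Neither layer addresses dkg's message-A-versus-message-B concern unless each body is also served from its own origin, which is what the separate `message_url` per message is meant to allow.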