From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id CDAA06DE0A7F for ; Thu, 19 Oct 2017 13:00:43 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.01 X-Spam-Level: X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oCFyIXGLouL1 for ; Thu, 19 Oct 2017 13:00:42 -0700 (PDT) Received: from istari.evenmere.org (istari.evenmere.org [136.248.125.194]) by arlo.cworth.org (Postfix) with ESMTP id 112586DE0A6C for ; Thu, 19 Oct 2017 13:00:42 -0700 (PDT) Received: by istari.evenmere.org (Postfix, from userid 113) id 4F9C71E0075; Thu, 19 Oct 2017 16:00:39 -0400 (EDT) Received: from [IPv6:2001:4878:a000:3000:d958:3976:3448:6b15] (unknown [IPv6:2001:4878:a000:3000:d958:3976:3448:6b15]) by istari.evenmere.org (Postfix) with ESMTPSA id 965FC1E0062; Thu, 19 Oct 2017 16:00:37 -0400 (EDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: web interface to notmuch From: Brian Sniffen X-Mailer: iPhone Mail (15B5086a) In-Reply-To: <87376f13ho.fsf@fifthhorseman.net> Date: Thu, 19 Oct 2017 16:00:33 -0400 Cc: Matthew Lear , notmuch@notmuchmail.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <87tvyvp4f2.fsf@istari.evenmere.org> <87376f13ho.fsf@fifthhorseman.net> To: Daniel Kahn Gillmor X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 20:00:43 -0000 > On Oct 19, 2017, at 12:55 PM, Daniel Kahn Gillmor w= rote: >=20 >> On Thu 2017-10-19 11:01:53 -0400, Brian Sniffen wrote: >> I put together something like this, visible at >> https://github.com/briansniffen/notmuch/tree/nmweb/contrib/notmuch-web >>=20 >> It's not much of a service. I am pretty sure it is exploitable---that >> content in text/html parts of messages can do Bad Things to your >> session. >=20 > I think this is the crux of the problem, right? I was noticing the > other day that notmuch's own mail archives are published in pipermail, > which is *absolutely terrible* compared to dealing with a mailstore with > notmuch as a frontend. I'd love to be able to expose the archive to the > public this way. >=20 > Assuming that you had a sanitize_this_html_part() function available to > you, do you think it would be possible to make this safe? Have you > considered proposing it for inclusion in contrib upstream? I don=E2=80=99t think they can be sanitized. Web tech moves so fast. But may= be they can be isolated. GMail uses a separate domain for the content from t= he UI; I have hopes about response headers and iframe attributes.=20 Also, if the whole site=E2=80=99s static=E2=80=94not just the nmweb part=E2=80= =94you probably can=E2=80=99t hurt much.=20=