* 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly @ 2022-10-25 12:06 Jean Louis 2022-10-25 15:02 ` Dr. Arne Babenhauserheide ` (2 more replies) 0 siblings, 3 replies; 53+ messages in thread From: Jean Louis @ 2022-10-25 12:06 UTC (permalink / raw) To: bug-gnu-emacs; +Cc: emacs-orgmode This wish request is related to Emacs EWW and Org mode. Please make EWW recognize Org file when served by WWW server. Currently it does not recognize the MIME type text/x-org and opens the file as text, it does not invoke the org mode. In my opinion, it should. Inspect following file by using lynx: $ lynx -head https://gnu.support/files/tmp/example.org uHTTP/1.1 200 OK Server: nginx/1.14.2 Date: Tue, 25 Oct 2022 12:04:26 GMT Content-Type: text/x-org Content-Length: 364 Last-Modified: Tue, 25 Oct 2022 11:58:22 GMT Connection: close ETag: "6357cf5e-16c" Accept-Ranges: bytes One can see that Content-Type is text/x-org My expectation is that EWW opens the Org file served by WWW server in Org mode. But it doesn't. Can this be done? This will open opportunity to directly serve Org files by using WWW servers and to browse such files through Emacs, meaning, bunch of notes, tasks and similar may be kept online, with or without protection and directly accessed by Emacs. It becomes new area or WWO or World Wide Org environment. In GNU Emacs 29.0.50 (build 7, x86_64-pc-linux-gnu, X toolkit, cairo version 1.17.6, Xaw3d scroll bars) of 2022-10-10 built on protected.rcdrun.com Repository revision: ed436db1320339862fad5ac754a6ec42de06c766 Repository branch: master Windowing system distributor 'The X.Org Foundation', version 11.0.12101004 System Description: Parabola GNU/Linux-libre Configured using: 'configure --with-x-toolkit=lucid' Configured features: ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG JSON LCMS2 LIBOTF LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF TOOLKIT_SCROLL_BARS WEBP X11 XAW3D XDBE XIM XINPUT2 XPM LUCID ZLIB Important settings: value of $LC_ALL: en_US.UTF-8 value of $LANG: de_DE.UTF-8 value of $XMODIFIERS: @im=exwm-xim locale-coding-system: utf-8-unix Major mode: Message Minor modes in effect: mml-mode: t tooltip-mode: t global-eldoc-mode: t show-paren-mode: t electric-indent-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t line-number-mode: t auto-fill-function: message-do-auto-fill transient-mark-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t abbrev-mode: t Load-path shadows: None found. Features: (shadow sort emacsbug mail-extr org-timer org-colview org-clock org-attach org-id org-archive org-agenda org-refile ol-eww eww xdg url-queue thingatpt mm-url ol-rmail ol-mhe ol-irc ol-info ol-gnus nnselect gnus-art mm-uu mml2015 mm-view mml-smime smime gnutls dig gnus-sum shr pixel-fill kinsoku url-file svg dom browse-url url url-proxy url-privacy url-expand url-methods url-history url-cookie generate-lisp-file url-domsuf url-util url-parse auth-source cl-seq eieio eieio-core cl-macs url-vars gnus-group gnus-undo gnus-start gnus-dbus dbus xml gnus-cloud nnimap nnmail mail-source utf7 nnoo parse-time gnus-spec gnus-int gnus-range message sendmail mailcap yank-media puny rfc822 mml mml-sec password-cache epa derived epg rfc6068 epg-config mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mailabbrev gmm-utils mailheader gnus-win gnus nnheader gnus-util text-property-search mail-utils range mm-util mail-prsvr wid-edit ol-docview doc-view filenotify jka-compr image-mode exif dired dired-loaddefs ol-bibtex ol-bbdb ol-w3m ol-doi org-link-doi reporter org ob ob-tangle ob-ref ob-lob ob-table ob-exp org-macro org-footnote org-src ob-comint org-pcomplete pcomplete comint ansi-osc ansi-color ring org-list org-faces org-entities noutline outline icons org-version ob-emacs-lisp ob-core ob-eval org-table oc-basic json map byte-opt gv bytecomp byte-compile cconv bibtex iso8601 time-date subr-x ol rx org-keys oc org-compat advice org-macs org-loaddefs format-spec find-func cal-menu calendar cal-loaddefs cl-loaddefs cl-lib rmc iso-transl tooltip eldoc paren electric uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel term/x-win x-win term/common-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu timer select scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors frame minibuffer nadvice seq simple cl-generic indonesian philippine cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite emoji-zwj charscript charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs faces cus-face macroexp files window text-properties overlay sha1 md5 base64 format env code-pages mule custom widget keymap hashtable-print-readable backquote threads dbusbind inotify lcms2 dynamic-setting system-font-setting font-render-setting cairo x-toolkit xinput2 x multi-tty make-network-process emacs) Memory information: ((conses 16 180979 11753) (symbols 48 19853 2) (strings 32 68758 1519) (string-bytes 1 2167162) (vectors 16 37547) (vector-slots 8 408250 18213) (floats 8 277 76) (intervals 56 424 0) (buffers 1000 12)) -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 12:06 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Jean Louis @ 2022-10-25 15:02 ` Dr. Arne Babenhauserheide 2022-10-25 19:56 ` Jean Louis 2022-10-25 23:03 ` Ihor Radchenko 2022-10-25 22:13 ` Ag Ibragimov 2022-10-27 4:55 ` Jean Louis 2 siblings, 2 replies; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-25 15:02 UTC (permalink / raw) To: Jean Louis; +Cc: bug-gnu-emacs, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 860 bytes --] Jean Louis <bugs@gnu.support> writes: > This wish request is related to Emacs EWW and Org mode. > > Please make EWW recognize Org file when served by WWW server. Currently > it does not recognize the MIME type text/x-org and opens the file as > text, it does not invoke the org mode. In my opinion, it should. This sounds dangerous. Org mode can execute untrusted code, so this could trick people into running untrusted code with the permissions of their Emacs. Links in org-mode can run shell scripts. Yes, they usually ask, but this may be changed it a local Emacs, trusting that it will only be used to open trusted local files. The threat model of eww changes a lot when any file on the web can request being opened with org-mode. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 15:02 ` Dr. Arne Babenhauserheide @ 2022-10-25 19:56 ` Jean Louis 2022-10-25 21:54 ` Dr. Arne Babenhauserheide 2022-10-25 23:03 ` Ihor Radchenko 1 sibling, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-25 19:56 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: bug-gnu-emacs, emacs-orgmode * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-25 18:06]: > > This wish request is related to Emacs EWW and Org mode. > > > > Please make EWW recognize Org file when served by WWW server. Currently > > it does not recognize the MIME type text/x-org and opens the file as > > text, it does not invoke the org mode. In my opinion, it should. > > This sounds dangerous. Org mode can execute untrusted code, so this > could trick people into running untrusted code with the permissions of > their Emacs. I can always do that in Emacs, execute untrusted code. There are no trust mechanisms for plethora of Emacs packages and codes distributed over Internet. That was not my request. Do you know how to make this work? -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 19:56 ` Jean Louis @ 2022-10-25 21:54 ` Dr. Arne Babenhauserheide 2022-10-26 7:57 ` Jean Louis 2022-10-26 7:59 ` Jean Louis 0 siblings, 2 replies; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-25 21:54 UTC (permalink / raw) To: Jean Louis; +Cc: bug-gnu-emacs, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 1697 bytes --] Jean Louis <bugs@gnu.support> writes: > * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-25 18:06]: >> > This wish request is related to Emacs EWW and Org mode. >> > >> > Please make EWW recognize Org file when served by WWW server. Currently >> > it does not recognize the MIME type text/x-org and opens the file as >> > text, it does not invoke the org mode. In my opinion, it should. >> >> This sounds dangerous. Org mode can execute untrusted code, so this >> could trick people into running untrusted code with the permissions of >> their Emacs. > > I can always do that in Emacs, execute untrusted code. There are no > trust mechanisms for plethora of Emacs packages and codes distributed > over Internet. All of the Emacs packages have some amount of implicit trust. Even melpa carefully vets packages nowadays. That’s not the case for some website you visit. > That was not my request. > > Do you know how to make this work? If you ask me whether I can make this work safely: This would first require the introduction of a safe-org-mode which strictly disables all features that can execute remote code or disguise unsafe operations as safe ones. If a user then decides to explicitly call M-x org-mode, that’s their problem. If you ask me whether I know how to make this work unsafely: It likely won’t need a lot of elisp reading, but I do not, because I do not look for it, because if I did, I would not. I do not want to be the one who caused the systems of eww users to get breached, or who helped opening that security hole. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 21:54 ` Dr. Arne Babenhauserheide @ 2022-10-26 7:57 ` Jean Louis 2022-10-26 11:55 ` Dr. Arne Babenhauserheide 2022-10-26 7:59 ` Jean Louis 1 sibling, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-26 7:57 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: bug-gnu-emacs, emacs-orgmode * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-26 01:02]: > All of the Emacs packages have some amount of implicit trust. Users are unaware what package may do, and packages are everywhere on Internet. That is not a problem that I wish to solve. > If you ask me whether I can make this work safely: This would first > require the introduction of a safe-org-mode which strictly disables all > features that can execute remote code or disguise unsafe operations as > safe ones. If a user then decides to explicitly call M-x org-mode, > that’s their problem. Thanks, though, that was not my request. Please note that you miss very important issue, and that is that all browsers support customization on how to open specific content types, so it is quite trivial to customize in browser to open Common Lisp program with Common Lisp. Thus all of browsers who allow content type customization are analogous to problem you are presenting, which in fact is no practical problem at all. Find the victim first, then present the problem. To understand is that content type opening is generally not secure and that it is user choice. I am user of Org mode, and all I wish is to adapt eww to invoke command "org-mode" once content type text/x-org has been recognized. This way I can browse Org files directly, it is very useful for me as I have bunch of files. > If you ask me whether I know how to make this work unsafely: It likely > won’t need a lot of elisp reading, but I do not, because I do not look > for it, because if I did, I would not. Well then 👀 > I do not want to be the one who caused the systems of eww users to get > breached, or who helped opening that security hole. See above, all other content types and URL links may be customized by user to be opened how users want it. Your security presentation lacks the background knowledge. See the attached screenshot how easy it was to customize IceWeasel or Firefox derivate to open Org files by using Emacs client. I have script called "edit" which invoces emacsclient. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 7:57 ` Jean Louis @ 2022-10-26 11:55 ` Dr. Arne Babenhauserheide 2022-10-26 12:20 ` Jean Louis 0 siblings, 1 reply; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-26 11:55 UTC (permalink / raw) To: Jean Louis; +Cc: bug-gnu-emacs, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 1067 bytes --] Jean Louis <bugs@gnu.support> writes: >> If you ask me whether I can make this work safely: This would first >> require the introduction of a safe-org-mode which strictly disables all >> features that can execute remote code or disguise unsafe operations as >> safe ones. If a user then decides to explicitly call M-x org-mode, >> that’s their problem. > > Thanks, though, that was not my request. > > Please note that you miss very important issue, and that is that all > browsers support customization on how to open specific content types, > so it is quite trivial to customize in browser to open Common Lisp > program with Common Lisp. I may have misunderstood what you want. Do you want eww to open text/x-org files in org-mode by default, or do you search for a way how you can modify your local eww to open text/x-org files with org-mode? My worries apply to the first, not to the second (there users know what they get into). Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 11:55 ` Dr. Arne Babenhauserheide @ 2022-10-26 12:20 ` Jean Louis 2022-10-26 12:45 ` Andreas Schwab 0 siblings, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-26 12:20 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: bug-gnu-emacs, emacs-orgmode * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-26 14:58]: > I may have misunderstood what you want. > > Do you want eww to open text/x-org files in org-mode by default, or do > you search for a way how you can modify your local eww to open > text/x-org files with org-mode? > > My worries apply to the first, not to the second (there users know what > they get into). If there is way to extend EWW and Emacs in such way that I can tell EWW what to do on certain content type, just as I do with other browsers, that would solve the problem. Then I can say, please EWW, open "text/x-org" content type with org-mode. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 12:20 ` Jean Louis @ 2022-10-26 12:45 ` Andreas Schwab 2022-10-26 13:19 ` bug#58774: " Jean Louis 0 siblings, 1 reply; 53+ messages in thread From: Andreas Schwab @ 2022-10-26 12:45 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: bug-gnu-emacs, emacs-orgmode On Okt 26 2022, Jean Louis wrote: > If there is way to extend EWW and Emacs in such way that I can tell > EWW what to do on certain content type, just as I do with other > browsers, that would solve the problem. This is what browse-url-handlers is for. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 12:45 ` Andreas Schwab @ 2022-10-26 13:19 ` Jean Louis 2022-10-26 13:55 ` Andreas Schwab 0 siblings, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-26 13:19 UTC (permalink / raw) To: Andreas Schwab; +Cc: Dr. Arne Babenhauserheide, 58774, emacs-orgmode * Andreas Schwab <schwab@suse.de> [2022-10-26 15:48]: > On Okt 26 2022, Jean Louis wrote: > > > If there is way to extend EWW and Emacs in such way that I can tell > > EWW what to do on certain content type, just as I do with other > > browsers, that would solve the problem. > > This is what browse-url-handlers is for. Content type is not an URL scheme. Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 13:19 ` bug#58774: " Jean Louis @ 2022-10-26 13:55 ` Andreas Schwab 2022-10-26 17:36 ` Jean Louis 0 siblings, 1 reply; 53+ messages in thread From: Andreas Schwab @ 2022-10-26 13:55 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: 58774, emacs-orgmode On Okt 26 2022, Jean Louis wrote: > * Andreas Schwab <schwab@suse.de> [2022-10-26 15:48]: >> On Okt 26 2022, Jean Louis wrote: >> >> > If there is way to extend EWW and Emacs in such way that I can tell >> > EWW what to do on certain content type, just as I do with other >> > browsers, that would solve the problem. >> >> This is what browse-url-handlers is for. > > Content type is not an URL scheme. The predicate can do whatever it needs to determine the handler. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 13:55 ` Andreas Schwab @ 2022-10-26 17:36 ` Jean Louis 2022-10-27 7:58 ` Andreas Schwab 0 siblings, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-26 17:36 UTC (permalink / raw) To: Andreas Schwab; +Cc: Dr. Arne Babenhauserheide, 58774, emacs-orgmode * Andreas Schwab <schwab@suse.de> [2022-10-26 16:58]: > On Okt 26 2022, Jean Louis wrote: > > > * Andreas Schwab <schwab@suse.de> [2022-10-26 15:48]: > >> On Okt 26 2022, Jean Louis wrote: > >> > >> > If there is way to extend EWW and Emacs in such way that I can tell > >> > EWW what to do on certain content type, just as I do with other > >> > browsers, that would solve the problem. > >> > >> This is what browse-url-handlers is for. > > > > Content type is not an URL scheme. > > The predicate can do whatever it needs to determine the handler. With "predicate" do you mean URI scheme? browse-url-handlers ⇒ (("gemini:" . elpher-go) ("gopher:" . elpher-handler-go) ("about:" . hyperscope-about) ("hyperscope:" . hyperscope-go) ("e2dk://" . amule-handler)) An alist with elements of the form (REGEXP-OR-PREDICATE . HANDLER). Each REGEXP-OR-PREDICATE is matched against the URL to be opened in turn and the first match’s HANDLER is invoked with the URL. Then -- if URL structure would provide content type, it would work. Otherwise it is not related to my wish. The URI scheme I wish to use is `https:' and nothing else. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 17:36 ` Jean Louis @ 2022-10-27 7:58 ` Andreas Schwab 2022-10-27 8:40 ` Jean Louis 0 siblings, 1 reply; 53+ messages in thread From: Andreas Schwab @ 2022-10-27 7:58 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: 58774, emacs-orgmode On Okt 26 2022, Jean Louis wrote: > With "predicate" do you mean URI scheme? When I write predicate, I mean predicate. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 7:58 ` Andreas Schwab @ 2022-10-27 8:40 ` Jean Louis 2022-10-27 11:22 ` Andreas Schwab 2022-10-27 11:23 ` Dr. Arne Babenhauserheide 0 siblings, 2 replies; 53+ messages in thread From: Jean Louis @ 2022-10-27 8:40 UTC (permalink / raw) To: Andreas Schwab; +Cc: Dr. Arne Babenhauserheide, 58774, emacs-orgmode * Andreas Schwab <schwab@suse.de> [2022-10-27 11:03]: > On Okt 26 2022, Jean Louis wrote: > > > With "predicate" do you mean URI scheme? > > When I write predicate, I mean predicate. Can that predicate understand content type? Do you have an example? -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 8:40 ` Jean Louis @ 2022-10-27 11:22 ` Andreas Schwab 2022-10-27 11:23 ` Dr. Arne Babenhauserheide 1 sibling, 0 replies; 53+ messages in thread From: Andreas Schwab @ 2022-10-27 11:22 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: 58774, emacs-orgmode On Okt 27 2022, Jean Louis wrote: > Can that predicate understand content type? It can use whatever it needs to determine the handler. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 8:40 ` Jean Louis 2022-10-27 11:22 ` Andreas Schwab @ 2022-10-27 11:23 ` Dr. Arne Babenhauserheide 1 sibling, 0 replies; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-27 11:23 UTC (permalink / raw) To: Jean Louis; +Cc: Andreas Schwab, 58774, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 449 bytes --] Jean Louis <bugs@gnu.support> writes: > * Andreas Schwab <schwab@suse.de> [2022-10-27 11:03]: >> On Okt 26 2022, Jean Louis wrote: >> >> > With "predicate" do you mean URI scheme? >> >> When I write predicate, I mean predicate. > > Can that predicate understand content type? A predicate is a function that returns true or false. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 21:54 ` Dr. Arne Babenhauserheide 2022-10-26 7:57 ` Jean Louis @ 2022-10-26 7:59 ` Jean Louis 1 sibling, 0 replies; 53+ messages in thread From: Jean Louis @ 2022-10-26 7:59 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: bug-gnu-emacs, emacs-orgmode [-- Attachment #1.1: Type: text/plain, Size: 356 bytes --] Forgot this attached file, so you can see how easy it is to customize Iceweasel to open Org files, it works well. Org files are native to Emacs, I wish to open Org files by using EWW. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ [-- Attachment #1.2: 2022-10-26-10:55:26.png --] [-- Type: image/png, Size: 43035 bytes --] [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 15:02 ` Dr. Arne Babenhauserheide 2022-10-25 19:56 ` Jean Louis @ 2022-10-25 23:03 ` Ihor Radchenko 2022-10-26 6:07 ` bug#58774: " Stefan Kangas 1 sibling, 1 reply; 53+ messages in thread From: Ihor Radchenko @ 2022-10-25 23:03 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: Jean Louis, bug-gnu-emacs, emacs-orgmode "Dr. Arne Babenhauserheide" <arne_bab@web.de> writes: > This sounds dangerous. Org mode can execute untrusted code, so this > could trick people into running untrusted code with the permissions of > their Emacs. > > Links in org-mode can run shell scripts. Yes, they usually ask, but this > may be changed it a local Emacs, trusting that it will only be used to > open trusted local files. You are exaggerating the situation. The "problem" with shell links you are describing is a question of setting variables and is also disabled by default. eww-mode, when loading Org page, could simply set org-link-shell-confirm-function to its default value. -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92> ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 23:03 ` Ihor Radchenko @ 2022-10-26 6:07 ` Stefan Kangas 2022-10-26 6:52 ` Ihor Radchenko ` (2 more replies) 0 siblings, 3 replies; 53+ messages in thread From: Stefan Kangas @ 2022-10-26 6:07 UTC (permalink / raw) To: Ihor Radchenko, Dr. Arne Babenhauserheide; +Cc: 58774, emacs-orgmode, bugs Ihor Radchenko <yantar92@posteo.net> writes: > The "problem" with shell links you are describing is a question of > setting variables and is also disabled by default. > > eww-mode, when loading Org page, could simply set > org-link-shell-confirm-function to its default value. Note that with the suggested feature, any link you follow risks being loaded in Org mode, before the user even has a chance to inspect the file. Which Org features, currently existing or introduced in the future, would EWW have to add workarounds for? It is very hard to foresee which parts of Org will be problematic and have to be disabled. See the security vulnerability in enriched-mode that prompted the release of Emacs 25.3, for example. Adding this opens a can of worms that will expose unsuspecting users to a whole class of new problems. And the only benefit is to save some users from having to type "M-x org-mode RET", or adding call to a suitable hook. All in all, this seems like a bad trade-off. So I don't think we should add such a feature. ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 6:07 ` bug#58774: " Stefan Kangas @ 2022-10-26 6:52 ` Ihor Radchenko 2022-10-26 8:24 ` Jean Louis ` (2 more replies) 2022-10-26 8:21 ` Jean Louis 2022-10-26 20:00 ` Tim Cross 2 siblings, 3 replies; 53+ messages in thread From: Ihor Radchenko @ 2022-10-26 6:52 UTC (permalink / raw) To: Stefan Kangas; +Cc: Dr. Arne Babenhauserheide, 58774, emacs-orgmode, bugs Stefan Kangas <stefankangas@gmail.com> writes: > Ihor Radchenko <yantar92@posteo.net> writes: > >> The "problem" with shell links you are describing is a question of >> setting variables and is also disabled by default. >> >> eww-mode, when loading Org page, could simply set >> org-link-shell-confirm-function to its default value. > > Note that with the suggested feature, any link you follow risks being > loaded in Org mode, before the user even has a chance to inspect the > file. Which Org features, currently existing or introduced in the > future, would EWW have to add workarounds for? That's not the case. Org never loads arbitrary code on loading the file without querying the user. The problem raised above is what happens when user tries to open a shell link and _also_ customized org-link-shell-confirm-function to nil (which is explicitly marked as dangerous option). Strictly speaking, even eww-mode may run arbitrary code given that user puts something into eww-mode-hook. > It is very hard to foresee which parts of Org will be problematic and > have to be disabled. See the security vulnerability in enriched-mode > that prompted the release of Emacs 25.3, for example. > > Adding this opens a can of worms that will expose unsuspecting users to > a whole class of new problems. And the only benefit is to save some > users from having to type "M-x org-mode RET", or adding call to a > suitable hook. I'd say that it will be safer to take care about necessary precautions rather than leaving the user with the only option to run org-mode manually. If necessary, we can introduce a special variable in Org mode that will disable all the potential third-party code evaluation, even if user has customized Org to execute code without prompt. -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92> ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 6:52 ` Ihor Radchenko @ 2022-10-26 8:24 ` Jean Louis 2022-10-26 20:22 ` indieterminacy 2022-10-26 11:30 ` Dr. Arne Babenhauserheide 2022-10-26 13:15 ` Stefan Kangas 2 siblings, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-26 8:24 UTC (permalink / raw) To: Ihor Radchenko Cc: Stefan Kangas, Dr. Arne Babenhauserheide, 58774, emacs-orgmode * Ihor Radchenko <yantar92@posteo.net> [2022-10-26 09:52]: > Strictly speaking, even eww-mode may run arbitrary code given that user > puts something into eww-mode-hook. eww-mode-hook is a variable defined in ‘eww.el’. Its value is (org-eww-extend-eww-keymap) Please help me recognize content type by using eww-mode-hook, so that I can invoke org mode when there is "text/x-org" It is very useful to browse my personal notes from my personal WWW server without invoking external browser. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 8:24 ` Jean Louis @ 2022-10-26 20:22 ` indieterminacy 0 siblings, 0 replies; 53+ messages in thread From: indieterminacy @ 2022-10-26 20:22 UTC (permalink / raw) To: Ihor Radchenko, Stefan Kangas, Dr. Arne Babenhauserheide, 58774, emacs-orgmode On 26-10-2022 10:24, Jean Louis wrote: > * Ihor Radchenko <yantar92@posteo.net> [2022-10-26 09:52]: >> Strictly speaking, even eww-mode may run arbitrary code given that >> user >> puts something into eww-mode-hook. > > eww-mode-hook is a variable defined in ‘eww.el’. > > Its value is (org-eww-extend-eww-keymap) > > Please help me recognize content type by using eww-mode-hook, so that > I can invoke org mode when there is "text/x-org" > > It is very useful to browse my personal notes from my personal WWW > server without invoking external browser. Consider hacking with regards to the Gemini protocol within Emacs, its minimalism may provide the appropriate playground for you to do things you expect (it already provides junctures to switch to (or at least load) html content with another non Gemini browser. Im killing a couple of tasks my end so I cant do this for you. However, it may be worth you experimenting with a Gemini server which contains orgmode files. I expect you should be able to view orgmode files (I guess they would be treated as non Gemtext and therefore binary). If you could toggle the appropriate mode inside something like emacs-elpher it may work to your needs. -- Jonathan McHugh indieterminacy@libre.brussels ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 6:52 ` Ihor Radchenko 2022-10-26 8:24 ` Jean Louis @ 2022-10-26 11:30 ` Dr. Arne Babenhauserheide 2022-10-26 21:41 ` Tim Cross 2022-10-26 13:15 ` Stefan Kangas 2 siblings, 1 reply; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-26 11:30 UTC (permalink / raw) To: Ihor Radchenko; +Cc: Stefan Kangas, 58774, emacs-orgmode, bugs [-- Attachment #1: Type: text/plain, Size: 1361 bytes --] Ihor Radchenko <yantar92@posteo.net> writes: > If necessary, we can introduce a special variable in Org mode that will > disable all the potential third-party code evaluation, even if user has > customized Org to execute code without prompt. If that would be part of org-mode, this would be close to a safe-org-mode. An important part in what I wrote about safe-org-mode is that it has to ensure that what is shown cannot trick the user into thinking something else would get run. A way to reduce risk would be to introduce a domain-allow-list (or prefix-allow-list) in eww for filetypes that could be unsafe, so you could for example add "orgmode.org" to your allowlist and for those domains org-files would auto-open in org-mode. Such security risks have a tendency of getting weaponized down the road when they really hurt. Like when people didn’t care about npm dependencies and had them suddenly deleting their files. And opening in the currently used Emacs may give a malicious file access to remote files opened via tramp, even if you (by virtue of being careful) require a password for the connection to sensitive servers. That way, running something in Emacs can be even more dangerous than running it in the shell. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 11:30 ` Dr. Arne Babenhauserheide @ 2022-10-26 21:41 ` Tim Cross 2022-10-27 10:43 ` Dr. Arne Babenhauserheide 0 siblings, 1 reply; 53+ messages in thread From: Tim Cross @ 2022-10-26 21:41 UTC (permalink / raw) To: emacs-orgmode "Dr. Arne Babenhauserheide" <arne_bab@web.de> writes: > [[PGP Signed Part:Undecided]] > > Ihor Radchenko <yantar92@posteo.net> writes: > >> If necessary, we can introduce a special variable in Org mode that will >> disable all the potential third-party code evaluation, even if user has >> customized Org to execute code without prompt. > > If that would be part of org-mode, this would be close to a > safe-org-mode. > > An important part in what I wrote about safe-org-mode is that it has to > ensure that what is shown cannot trick the user into thinking something > else would get run. > > A way to reduce risk would be to introduce a domain-allow-list (or > prefix-allow-list) in eww for filetypes that could be unsafe, so you > could for example add "orgmode.org" to your allowlist and for those > domains org-files would auto-open in org-mode. > > Such security risks have a tendency of getting weaponized down the road > when they really hurt. Like when people didn’t care about npm > dependencies and had them suddenly deleting their files. And opening in > the currently used Emacs may give a malicious file access to remote > files opened via tramp, even if you (by virtue of being careful) require > a password for the connection to sensitive servers. That way, running > something in Emacs can be even more dangerous than running it in the > shell. > and people constantly use M-x package-install to install packages from GNU ELPA, nonGNU ELPA and MELPA, often with this misguided belief that these packages are being vetted by the security fairies. As was seen after the openssl security failures, just because lots of people use something and just because lots of people may work on and look at the code, it is no guarantee the code is secure or has no malicious content. Our systems have become far too complex for such ad hoc processes providing any assurance. Likewise, as has been shown with NPM and various browser 'extension stores', packages which were once trustworthy can easily become owned/developed by new parties with less ability or are less trustworthy. While adding the sorts of controls you outline is not a bad idea, I think it is far more important to train people to accept that their system simply is not secure. You should start from the position that Emacs is not secure. Why? Because it is a large, complex and powerful piece of software which has no formal security analysis or testing and is usually augmented with numerous packages of unknown quality from largely unknown sources. Essentially, Emacs already suffers from all the same issues identified for systems like node and the NPM ecosystem. The only think which is really providing protection for us Emacs users is that the rewards for compromising Emacs are too low for the effort required. Similar to why you don't see many viruses on macOS - it isn't that it is significantly more secure than Windows (these days), but rather the pool of potential 'targets' and scale of rewards are higher when you focus on the Windows environment. It is all about return on investment. Security is a huge challenge for open source. The effort and resources required to constantly analyse and test projects for security issues is too high for most medium to large projects. The fact many open source projects also rely on other open source projects for various libraries etc also means that in addition to worrying about the security of the code in a project, the project also has to worry about 'supply chain' security i.e. ensure the external project dependencies are also secure and securely managed. So what do we do? In the famous words of Douglas Adams "Don't Panic! Rather than worry if some package or change will make Emacs less secure, assume it already is insecure and then examine how you use it and consider both the likelihood of being compromised and the impact when that occurs. This will differ depending on who you are and what you do. For example, if your a researcher working in a field where your research has high commercial value or a journalist working in countries with a poor human rights history and government parties may want to compromise your sources etc, both the likelihood and consequences could be high and you may need to take additional measures or modify how you use emacs (e.g. only use packages you have reviewed and tested and only update after formal review and testing of updated version, don't use Emacs for email or web browsing, only run emacs in an isolated locked down container etc). On the other hand, if your just a keen hobbyist, the likelihood and consequences of a security breach are both likely low and you may decide adding additional packages is an acceptable risk. Even if you decide your risks are low, you may still decide to not use Emacs for some purposes. For example, you might decide not to use Emacs for password management or not use Emacs packages which require you to keep sensitive data (toekns, passwords, API keys etc) using insecure mechanisms etc. Keep in mind that convenience and complexity are often the two biggest threats to security. Assess risks within your own personal context as what is appropriate for one person may not be for another. ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 21:41 ` Tim Cross @ 2022-10-27 10:43 ` Dr. Arne Babenhauserheide 0 siblings, 0 replies; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-27 10:43 UTC (permalink / raw) To: Tim Cross; +Cc: emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 3689 bytes --] Tim Cross <theophilusx@gmail.com> writes: > and people constantly use M-x package-install to install packages > from GNU ELPA, nonGNU ELPA and MELPA, often with this misguided belief > that these packages are being vetted by the security fairies. Yes, and no. There is still a world of a difference between "any random website can attack me when I just navigate there" and "installing a package may not be safe". This is a false whatabout: That packages are not safe does not mean that attacks by any random website aren’t much *more* dangerous. > While adding the sorts of controls you outline is not a bad idea, I > think it is far more important to train people to accept that their > system simply is not secure. This treats security as a boolean. It is not. The chance and impact of a breach matter a lot, and any random website being able to exploit a weakness in org-mode incleases the chance and impact a lot. That Emacs is not perfect does not mean that it doesn’t matter if we make it worse. > You should start from the position that > Emacs is not secure. Why? Because it is a large, complex and powerful > piece of software which has no formal security analysis or testing and > is usually augmented with numerous packages of unknown quality from > largely unknown sources. Essentially, Emacs already suffers from all the > same issues identified for systems like node and the NPM ecosystem. Yes. We should avoid adding *one more* issue that is actually worse than the others. And yes, we should rather reduce the number of packages we rely on. I’ve done that multiple times in the past. > The only think which is really providing protection for us Emacs users > is that the rewards for compromising Emacs are too low for the effort > required. Similar to why you don't see many viruses on macOS - it isn't > that it is significantly more secure than Windows (these days), but > rather the pool of potential 'targets' and scale of rewards are higher > when you focus on the Windows environment. It is all about return on investment. This is no longer true about macOS. It has grown to be a large target, but it still is hard to crack. Windows became safer by starting to add safeguards (like asking the user for admin rights before doing admin stuff — essentially sudo) and taking security seriously. > update after formal review and testing of updated version, don't use > Emacs for email or web browsing, only run emacs in an isolated locked The point here is: Without auto-switching to org-mode, using emacs for web browsing is likely reasonably safe. Adding this as default would remove that. > Even if you decide your risks are low, you may still decide to not use > Emacs for some purposes. For example, you might decide not to use Emacs > for password management or not use Emacs packages which require you to > keep sensitive data (toekns, passwords, API keys etc) using insecure > mechanisms etc. You describe that whenever we do not care about security for some mechanism, this removes this part of Emacs from the features people with some security needs can use. It breaks the integration of Emacs — which is one of its biggest strengths — if we have to say “for convenience we enabled opening any web document automatically in org-mode, so if you think that unsafe, don’t browse the web with Emacs *anymore*”. As secure as we can should be the default, not "change these random configuration settings and avoid those features to get some security". Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 6:52 ` Ihor Radchenko 2022-10-26 8:24 ` Jean Louis 2022-10-26 11:30 ` Dr. Arne Babenhauserheide @ 2022-10-26 13:15 ` Stefan Kangas 2 siblings, 0 replies; 53+ messages in thread From: Stefan Kangas @ 2022-10-26 13:15 UTC (permalink / raw) To: Ihor Radchenko; +Cc: Dr. Arne Babenhauserheide, 58774, emacs-orgmode, bugs Ihor Radchenko <yantar92@posteo.net> writes: >> Note that with the suggested feature, any link you follow risks being >> loaded in Org mode, before the user even has a chance to inspect the >> file. Which Org features, currently existing or introduced in the >> future, would EWW have to add workarounds for? > > That's not the case. Org never loads arbitrary code on loading the file > without querying the user. We seem to be miscommunicating. In the above, I was merely referring to whether org-mode is run when visiting some URL or not, which AFAIU is a binary thing (it either does, or it doesn't). You seem to be talking about security features in org-mode itself, which is related, but not the same thing. I agree that there are various security features in org-mode. I still don't think that we should run org-mode just because some URL requests it. To reiterate what I said, security problems are hard to audit and discover. We shouldn't expose users to additional risks just to add such a minor convenience feature. It is not a good trade-off. > Strictly speaking, even eww-mode may run arbitrary code given that user > puts something into eww-mode-hook. My concern is not that the users should run their own code, but that they will inadvertently run (potentially malicious) code provided by others. > I'd say that it will be safer to take care about necessary precautions > rather than leaving the user with the only option to run org-mode > manually. Adding a `safe-org-mode' would be an improvement, but orthogonal to whether or not we should automatically load org-mode when visiting any URL that presents itself as serving an org file. I think we should not do the latter. > If necessary, we can introduce a special variable in Org mode that will > disable all the potential third-party code evaluation, even if user has > customized Org to execute code without prompt. That would also be an improvement, yes. It would be even better if such a variable supported whitelisting, so that users could mark only specific files as safe for these purposes. ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 6:07 ` bug#58774: " Stefan Kangas 2022-10-26 6:52 ` Ihor Radchenko @ 2022-10-26 8:21 ` Jean Louis 2022-10-26 17:07 ` Max Nikulin 2022-10-26 20:00 ` Tim Cross 2 siblings, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-26 8:21 UTC (permalink / raw) To: Stefan Kangas Cc: Ihor Radchenko, Dr. Arne Babenhauserheide, 58774, emacs-orgmode * Stefan Kangas <stefankangas@gmail.com> [2022-10-26 09:08]: > Ihor Radchenko <yantar92@posteo.net> writes: > > > The "problem" with shell links you are describing is a question of > > setting variables and is also disabled by default. > > > > eww-mode, when loading Org page, could simply set > > org-link-shell-confirm-function to its default value. > > Note that with the suggested feature, any link you follow risks being > loaded in Org mode, before the user even has a chance to inspect the > file. See my previous e-mail to Arne and explanation that in almost any browser, it is user's choice on how to open various content types. It implies, there are numerous risks involved, and users customizing their browsers have responsibility for their computing. Does user need group of people to dictate what is safe and what is not safe? That is contrary to free software principles, let users decide how they wish to open their files. I maybe have Common Lisp on my server and wish to open it with SBLC on my computer. That is my choice. Let me have that choice in EWW, which is native to Emacs for Org mode, which is native to Emacs. It is natural. Note that I can open Org files with other browser. But I wish to browse my Org notes directly from within Emacs , and not just invoke external browser, which in turn invokes again `emacsclient'. That works well already. I hope you understand it. > Which Org features, currently existing or introduced in the > future, would EWW have to add workarounds for? Only to recognize content type text/x-org and invoke Org mode. And let users decide if to invoke org mode on content type "text/x-org". I am even now convinced that I should be able to customize how to open various content types, but I do not get it. I was thinking eww will recognize at least mailcap file, as in email client I open Org files without problems. I see in eww.el that there is function `mailcap-view-mime' but I do not see it is used to recognize my mailcap file where I have this line: text/x-org; edit %s; nametemplate=%s.org; my "edit" script invokes emacsclient > It is very hard to foresee which parts of Org will be problematic and > have to be disabled. See the security vulnerability in enriched-mode > that prompted the release of Emacs 25.3, for example. There is no need to disable anything by default please, leave that to user choice. I can open ALL kinds of files from WWW servers and decide how to open them. That was since beginning of Internet user's choice. It is not up to browser to tell me I should not open specific content type, or for browser to disable how I view or use the file. - EWW is browser - it shall recognize content-type - it shall then invoke ANY application by users' choice for that content-type Maybe I wish to open text/x-org with mousepad editor, so let me do that. Maybe I wish to invoke different Emacs instance, let me do that. If I wish to isolate the Emacs instance I can isolate it without problems, but that shall be my users' choice. Sample method of isolation of browser on single computer: (defun browse-safe-url (url &optional arg) "Browse URL with b" (let ((username "joedoe")) ;; different username than my own ;; Insecurity settings for personal DISPLAY only (shell-command "xhost +") ;; Browse URL with different username (async-start-process "sudo" "sudo" nil "su" "-c" "--" username "-c" (format "exec iceweasel \"%s\"" url)))) > Adding this opens a can of worms that will expose unsuspecting users to > a whole class of new problems. It does not. Review well customization of content types on various browsers, it existed since beginning of WWW. Browser is not for HTML only, there are many content types. > And the only benefit is to sapve some users from having to type "M-x > org-mode RET", or adding call to a suitable hook. It is not only benefit. Every browser shall give option to users to decide how to open any content type. > All in all, this seems like a bad trade-off. So I don't think we should > add such a feature. What if I want to open Gnumeric spreadsheet with eww? You do not want to add that feature? Help me open Gnumeric spreadsheet by using eww and its content type by customization, and I will not ask you to open Org by eww, because at that point of time I will be able to customize how to open Org content type myself. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 8:21 ` Jean Louis @ 2022-10-26 17:07 ` Max Nikulin 2022-10-26 18:37 ` Jean Louis 0 siblings, 1 reply; 53+ messages in thread From: Max Nikulin @ 2022-10-26 17:07 UTC (permalink / raw) To: Stefan Kangas, 58774, emacs-orgmode On 26/10/2022 15:21, Jean Louis wrote: > > (defun browse-safe-url (url &optional arg) ----------------^^^^ > "Browse URL with b" > (let ((username "joedoe")) ;; different username than my own > ;; Insecurity settings for personal DISPLAY only > (shell-command "xhost +") > ;; Browse URL with different username > (async-start-process "sudo" "sudo" nil "su" "-c" "--" username "-c" > (format "exec iceweasel \"%s\"" url)))) -------------------------------------------------^^^^^^ Do not name "safe" a function having security vulnerabilities. Leaving aside XAuth issues, it allows arbitrary command execution if URL for some reason is not properly percent-encoded. Do you think your reasoning related to security is still convincing? If you were just requested mapping of Content-Type to some mode in eww, perhaps it would pass. You demanded Org mode configured by default. Org have enough means to execute arbitrary code with minimal efforts from user side. E.g. value of table cell may be recalculated. Org files originating from non-trusted sources must be carefully evaluated before opening them in Emacs. Sometimes Org developer and maintainers do not have enough resources to react to security-related reports. An issue not so dangerous in the current state becomes really weird if Org mode becomes a default handler for files fetched from net. You may fight for your right to freely shoot your legs but you must be careful enough to not injury people around. Reputation of Emacs may be significantly affected by the requested change. I am strongly against Org mode as a default handler for files downloaded from web sites. Eww user option, if implemented, should have prominent warning that particular mode may not be ready for such usage and each case should be carefully evaluated for security issues. ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 17:07 ` Max Nikulin @ 2022-10-26 18:37 ` Jean Louis 2022-10-26 21:16 ` Dr. Arne Babenhauserheide 2022-10-26 21:56 ` indieterminacy 0 siblings, 2 replies; 53+ messages in thread From: Jean Louis @ 2022-10-26 18:37 UTC (permalink / raw) To: Max Nikulin; +Cc: Stefan Kangas, 58774, emacs-orgmode * Max Nikulin <manikulin@gmail.com> [2022-10-26 20:10]: > If you were just requested mapping of Content-Type to some mode in > eww, perhaps it would pass. That is exactly what I need, thanks > You demanded Org mode configured by default. Hmm, that could be some misunderstanding. I have .mailcap file and I know I can configure any browser to open any content type how I wish and want. My e-mail client Mutt is opening Org files sent by Sacha Chua in org mode with Emacs. It is my choice as user to skip downloading such files and inspecting them. If Mutt supports me, and Iceweasel, to open Org files with Emacs, why not Emacs's EWW cannot support me to open Org files with Emacs?? That is completely not logical. That is what I need and expect from EWW, it is more general and more useful to let user customize any content type to be opened how user wish and want. This is because in Org files I may have links and wish to open Gnumeric spreadsheet. For example, if I get text/markdown (or equivalent) it would invoke Markdown mode, for Org mode, it would invoke Org mode. > Org have enough means to execute arbitrary code with minimal efforts > from user side. E.g. value of table cell may be recalculated. Those are not issues of EWW, but of Org mode in general. Similarly, I can open spreadsheets by using Libreoffice or Gnumeric and such spreadsheets can execute macros, I do not know how "dangerous" it is, but that is my choice to decide upon it. Browser like EWW, being able to accept content types, should give to user the option to decide if to open PDF file by integrated PDF viewer or any external PDF viewer, or to download the file, or to open the file by user's customized function, mode or program. Setting up content types is freedom for users to do what they want with files. The security aspect is in this moment highly hypothetical as victims are not there. And it is matter of Org mode in general. Is there much of difference of opening Org file by using EWW or sending link to Org file to be downloaded and THEN opened by Emacs? User not knowledgable may execute arbitrary code anyway. Please do not blame the communication channel and users how some Org feature is unsafe. That is Org security issue, and not EWW issue. HTTP is for delivery of files. What user does with files is user's choice. In general any Emacs package offered for download is in general security risk, and we freely recommend them to each others. It is quite clear that it is not safe executing software which one does not understand or cannot decipher. https://www.gnu.org/software/emacs/manual/html_node/efaq/Security-risks-with-Emacs.html Me, as user, I am totally free to configure WWW server to serve something like "application/e-lisp" as content type, and to open that type with `emacs --batch file.el' if I want. "Insecurity" is thus integral part of user's choice. As Ihor and others mentioned, then it will be maybe up to user to use Org safe mode or similar. That is not business of web server, HTTP or browser. Those are delivery, retrieval and presentation tools > Org files originating from non-trusted sources must be carefully > evaluated before opening them in Emacs. Same applies to ANY kind of files that may be inherently insecure. While HTML is considered secure, Javascript less than HTML, but still contained, there are many many content types that may be insecure, startin with APK, proprietary sotware, EXE Windows files, any kind of programming languages, plugins, etc. Warnings are everywhere. Let users decide what is trusted or non trusted source. Programmers of free software shall give users freedom. I have full freedom to download Emacs Lisp packages and execute them on my computer. That is same. I just want it faster. And I also want it executed. I find it excellent that I can instruct web server to serve me Emacs lisp which I can then execute, great. It may not be your common usage scenario to find any use of it. I do. There is freedom to configure browser to open packages and install them right away, without inspecting anything. In proprietary software world that is exactly what billion of people already do, they download and execute proprietary software, there is plethora of insecurity issues there. That is up to Org mode to solve. It is similar to Emacs warning you about local variables. So put some warnings in Org mode. But do not blame browser. Browser is download, presentation and forwarding tool. In Firefox, Content type that otherwise is not configured in browser, may be either saved by default or browser may ask user how to open it by default. It is users' decision if something is safe to open or not. I am sure that safe Org mode will solve that issue. Instead of speaking hypothetically of insecurities about delivering Org mode over HTTP, let us look at numerous advantages of it, they are analogous to WWW HTML files: - Publish your Org notes on WWW, and use them from anywhere in the world, from any device running Emacs; remove cache if any in EWW, and files are gone; privacy preserved; - Use your Org files from any mobile device running Emacs; I have too many of them and in that case I need not synchronize it at all; - Fetch Org style reports, templates, and workflows, modify and report back to manager; - Browse from Org file to Org file, create Dynamic Knowledge Repositore that staff members, group members may access and deal with it; - Automatically publish Org agenda, Org files directly, without export, to WWW servers, and access from remove places; - HTTP offers authentication mechanisms to protect private data; I do not have special opinion of "publishing Org files" for unknown people, if such people are not member of the group. That would require training them to know what is Org mode, and finally why? Emacs is poor general browser tool. Greatest benefit of Org files being served and properly parsed by Emacs by using HTTP is personal and group based. It is not mainly for public use. But one could think of it being analogous to Gemini. https://gemini.circumlunar.space/ Public who does not use Emacs will not be interested in such. They may download Org files and open it from file system. Same insecurity exists by downloading them and opening them. > Sometimes Org developer and maintainers do not have enough resources > to react to security-related reports. An issue not so dangerous in > the current state becomes really weird if Org mode becomes a default > handler for files fetched from net. Your interpretation is improper, as you mentioned "default handler for files fetched from net" -- and I was very specific, for text/x-org content type that EWW get possibility to invoke org mode on such files. Quite logical. Emacs, Org mode and EWW, those shall work together. I am surprised that it does not. At least Russian Nginx WWW server supports me as user to configure it so to serve Org files as text/x-org. Though personally I have already found buggy solution with Emacs Lisp modification to eww render function. I must improve it. > You may fight for your right to freely shoot your legs but you must > be careful enough to not injury people around. Reputation of Emacs > may be significantly affected by the requested change. What a dramatic exaggeration! Congrats. > I am strongly against Org mode as a default handler for files > downloaded from web sites. Eww user option, if implemented, should > have prominent warning that particular mode may not be ready for > such usage and each case should be carefully evaluated for security > issues. Default handler is not necessary. It is enough if users can set up how to open different content types by which application or by which mode. It is now more general question, like why I cannot invoke Gnumeric on gnumeric files, or Libreoffice on spreadsheet delivered by HTTP? -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 18:37 ` Jean Louis @ 2022-10-26 21:16 ` Dr. Arne Babenhauserheide 2022-10-27 4:25 ` tomas 2022-10-26 21:56 ` indieterminacy 1 sibling, 1 reply; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-26 21:16 UTC (permalink / raw) To: Jean Louis; +Cc: Max Nikulin, Stefan Kangas, 58774, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 1648 bytes --] Jean Louis <bugs@gnu.support> writes: > Browser like EWW, being able to accept content types, should give to > user the option to decide if to open PDF file by integrated PDF viewer > or any external PDF viewer, or to download the file, or to open the > file by user's customized function, mode or program. I’m not sure why you keep pressing for this: people agreed that enabling users to configure that (as long as it’s not the default) is a good idea. There’s no discussion there. Your reply was to Max saying that this must not be the default, and that using "safe" as part of the function name is a bad idea. > Is there much of difference of opening Org file by using EWW or > sending link to Org file to be downloaded and THEN opened by Emacs? There is a difference, yes: A browser only opens inline what is deemed safe with the session-data. PDFs are only opened with pdf.js (more restricted compared to a pdf reader). Javascript is heavily restricted (with good reason). Opening org-files clicked in eww directly with org-mode is like opening a spreadsheet with active fields inline in the browser, so a rogue formula can steal the session of your banking login. > That is not business of web server, HTTP or browser. Those are > delivery, retrieval and presentation tools Yet there is so such separation between eww and org-mode. If you want that separation, you have to open the org-file in a second Emacs process. If you don’t want that separation, you have to add other precautions. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 21:16 ` Dr. Arne Babenhauserheide @ 2022-10-27 4:25 ` tomas 2022-10-27 11:10 ` Dr. Arne Babenhauserheide 0 siblings, 1 reply; 53+ messages in thread From: tomas @ 2022-10-27 4:25 UTC (permalink / raw) To: emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 884 bytes --] On Wed, Oct 26, 2022 at 11:16:15PM +0200, Dr. Arne Babenhauserheide wrote: [...] > > That is not business of web server, HTTP or browser. Those are > > delivery, retrieval and presentation tools > > Yet there is so such separation between eww and org-mode. ^^^^ I think this was a typo for "no". > If you want that separation, you have to open the org-file in a second > Emacs process. > > If you don’t want that separation, you have to add other precautions. Agree fully. And to those saying "...but you do M-x package install, too": it is much easier to trust a couple of sources (ELPA, the Debian archives, what have you) than to trust the whole of the Internet (or, to put it in less confrontative terms, some random web site). Yes, those few sources can (and ocassionaly do!) go rogue. But trust is like that. Cheers -- t [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 195 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 4:25 ` tomas @ 2022-10-27 11:10 ` Dr. Arne Babenhauserheide 0 siblings, 0 replies; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-27 11:10 UTC (permalink / raw) To: tomas; +Cc: emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 693 bytes --] <tomas@tuxteam.de> writes: > [[PGP Signed Part:Good signature from 05C82CF57AD1DA46 tomás zerolo (moep moep) <tomas@tuxteam.de> (trust undefined) created at 2022-10-27T06:25:44+0200 using DSA]] > On Wed, Oct 26, 2022 at 11:16:15PM +0200, Dr. Arne Babenhauserheide wrote: > > [...] > >> > That is not business of web server, HTTP or browser. Those are >> > delivery, retrieval and presentation tools >> >> Yet there is so such separation between eww and org-mode. > ^^^^ > > I think this was a typo for "no". Ah, yes, thank you! That should have been "no". Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 18:37 ` Jean Louis 2022-10-26 21:16 ` Dr. Arne Babenhauserheide @ 2022-10-26 21:56 ` indieterminacy 1 sibling, 0 replies; 53+ messages in thread From: indieterminacy @ 2022-10-26 21:56 UTC (permalink / raw) To: Max Nikulin, Stefan Kangas, 58774, emacs-orgmode On 26-10-2022 20:37, Jean Louis wrote: > > I do not have special opinion of "publishing Org files" for unknown > people, if such people are not member of the group. That would require > training them to know what is Org mode, and finally why? Emacs is poor > general browser tool. > > Greatest benefit of Org files being served and properly parsed by > Emacs by using HTTP is personal and group based. It is not mainly for > public use. > > But one could think of it being analogous to Gemini. > > https://gemini.circumlunar.space/ > > Public who does not use Emacs will not be interested in such. > > They may download Org files and open it from file system. Same > insecurity exists by downloading them and opening them. > Just typical that Id raise Gemini just as you bring it up yourself (so many mails to sift through) :) >> Sometimes Org developer and maintainers do not have enough resources >> to react to security-related reports. An issue not so dangerous in >> the current state becomes really weird if Org mode becomes a default >> handler for files fetched from net. > > Your interpretation is improper, as you mentioned "default handler for > files fetched from net" -- and I was very specific, for text/x-org > content type that EWW get possibility to invoke org mode on such > files. > > Quite logical. Emacs, Org mode and EWW, those shall work together. I > am surprised that it does not. > > At least Russian Nginx WWW server supports me as user to configure it > so to serve Org files as text/x-org. > > Though personally I have already found buggy solution with Emacs Lisp > modification to eww render function. I must improve it. > It is worth emphasizing that Gemini is conventionally designed to serve and receive files in isolation and that browsers are not expected to do anything beyond recognising the simple types of lines. As such ceteris paribus Id like to thing that it should operate to minimise threats of vulnerabilities such as spreadsheets being used to interact with banking services. Besides, the size and range of Gemini browsers and clients met with the size of these tools - combined with the acutal size of the Gemini community (let alone their competence grade) would make it a low priority for troublemakers to prioritise. -- Jonathan McHugh indieterminacy@libre.brussels ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 6:07 ` bug#58774: " Stefan Kangas 2022-10-26 6:52 ` Ihor Radchenko 2022-10-26 8:21 ` Jean Louis @ 2022-10-26 20:00 ` Tim Cross 2 siblings, 0 replies; 53+ messages in thread From: Tim Cross @ 2022-10-26 20:00 UTC (permalink / raw) To: emacs-orgmode Stefan Kangas <stefankangas@gmail.com> writes: > Ihor Radchenko <yantar92@posteo.net> writes: > >> The "problem" with shell links you are describing is a question of >> setting variables and is also disabled by default. >> >> eww-mode, when loading Org page, could simply set >> org-link-shell-confirm-function to its default value. > > Note that with the suggested feature, any link you follow risks being > loaded in Org mode, before the user even has a chance to inspect the > file. Which Org features, currently existing or introduced in the > future, would EWW have to add workarounds for? > > It is very hard to foresee which parts of Org will be problematic and > have to be disabled. See the security vulnerability in enriched-mode > that prompted the release of Emacs 25.3, for example. > > Adding this opens a can of worms that will expose unsuspecting users to > a whole class of new problems. And the only benefit is to save some > users from having to type "M-x org-mode RET", or adding call to a > suitable hook. > > All in all, this seems like a bad trade-off. So I don't think we should > add such a feature. This concern seems to be based on FUD rather than any real or identified risk. The risk here is no different to risks associated with opening any org document from a foreign source e.g. in an ELPA package. Note that org mode's default configuration wrt code execution is to ask the user for permission to execute. If the user can run M-x org-mode on eww buffer containing a text file which is an org file, the same risks apply and any vulnerability would need to be addressed anyway. This is also very different to the issues encountered with enrich text some years back. The problem then was with elisp code embedded in text properties. It was a bug in how enriched text processed the data. However, I think we are probably looking at this problem from the wrong level. It isn't really about how to get eww to render org files in org-mode. This issue is really about being able to customize what function is called to 'render' the data retrieved based on the content-type header of the content. Currently, it is fairly straight-forward to define a custom handler based on the URL, but not based on content-type. Being able to easily associate a function to handle downloaded content based on the content-type would be useful. Users could then easily add whatever functionality they wanted based on what the server told them about the content type. ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 12:06 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Jean Louis 2022-10-25 15:02 ` Dr. Arne Babenhauserheide @ 2022-10-25 22:13 ` Ag Ibragimov 2022-10-26 8:28 ` Jean Louis 2022-10-27 4:55 ` Jean Louis 2 siblings, 1 reply; 53+ messages in thread From: Ag Ibragimov @ 2022-10-25 22:13 UTC (permalink / raw) To: Jean Louis, bug-gnu-emacs; +Cc: emacs-orgmode Can't you just use one of hooks (e.g., eww-after-render-hook) where you inspect the URL and if it's .org, just change the mode? This should be trivial to do, I think. Jean Louis <bugs@gnu.support> writes: > This wish request is related to Emacs EWW and Org mode. > > Please make EWW recognize Org file when served by WWW server. Currently > it does not recognize the MIME type text/x-org and opens the file as > text, it does not invoke the org mode. In my opinion, it should. > > Inspect following file by using lynx: > > $ lynx -head https://gnu.support/files/tmp/example.org > > uHTTP/1.1 200 OK > Server: nginx/1.14.2 > Date: Tue, 25 Oct 2022 12:04:26 GMT > Content-Type: text/x-org > Content-Length: 364 > Last-Modified: Tue, 25 Oct 2022 11:58:22 GMT > Connection: close > ETag: "6357cf5e-16c" > Accept-Ranges: bytes > > One can see that Content-Type is text/x-org > > My expectation is that EWW opens the Org file served by WWW server in > Org mode. But it doesn't. Can this be done? > > This will open opportunity to directly serve Org files by using WWW > servers and to browse such files through Emacs, meaning, bunch of notes, > tasks and similar may be kept online, with or without protection and > directly accessed by Emacs. It becomes new area or WWO or World Wide Org > environment. > > > > In GNU Emacs 29.0.50 (build 7, x86_64-pc-linux-gnu, X toolkit, cairo > version 1.17.6, Xaw3d scroll bars) of 2022-10-10 built on > protected.rcdrun.com > Repository revision: ed436db1320339862fad5ac754a6ec42de06c766 > Repository branch: master > Windowing system distributor 'The X.Org Foundation', version 11.0.12101004 > System Description: Parabola GNU/Linux-libre > > Configured using: > 'configure --with-x-toolkit=lucid' > > Configured features: > ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG > JSON LCMS2 LIBOTF LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY INOTIFY > PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF TOOLKIT_SCROLL_BARS > WEBP X11 XAW3D XDBE XIM XINPUT2 XPM LUCID ZLIB > > Important settings: > value of $LC_ALL: en_US.UTF-8 > value of $LANG: de_DE.UTF-8 > value of $XMODIFIERS: @im=exwm-xim > locale-coding-system: utf-8-unix > > Major mode: Message > > Minor modes in effect: > mml-mode: t > tooltip-mode: t > global-eldoc-mode: t > show-paren-mode: t > electric-indent-mode: t > mouse-wheel-mode: t > tool-bar-mode: t > menu-bar-mode: t > file-name-shadow-mode: t > global-font-lock-mode: t > font-lock-mode: t > blink-cursor-mode: t > line-number-mode: t > auto-fill-function: message-do-auto-fill > transient-mark-mode: t > auto-composition-mode: t > auto-encryption-mode: t > auto-compression-mode: t > abbrev-mode: t > > Load-path shadows: > None found. > > Features: > (shadow sort emacsbug mail-extr org-timer org-colview org-clock > org-attach org-id org-archive org-agenda org-refile ol-eww eww xdg > url-queue thingatpt mm-url ol-rmail ol-mhe ol-irc ol-info ol-gnus > nnselect gnus-art mm-uu mml2015 mm-view mml-smime smime gnutls dig > gnus-sum shr pixel-fill kinsoku url-file svg dom browse-url url > url-proxy url-privacy url-expand url-methods url-history url-cookie > generate-lisp-file url-domsuf url-util url-parse auth-source cl-seq > eieio eieio-core cl-macs url-vars gnus-group gnus-undo gnus-start > gnus-dbus dbus xml gnus-cloud nnimap nnmail mail-source utf7 nnoo > parse-time gnus-spec gnus-int gnus-range message sendmail mailcap > yank-media puny rfc822 mml mml-sec password-cache epa derived epg > rfc6068 epg-config mm-decode mm-bodies mm-encode mail-parse rfc2231 > rfc2047 rfc2045 ietf-drums mailabbrev gmm-utils mailheader gnus-win gnus > nnheader gnus-util text-property-search mail-utils range mm-util > mail-prsvr wid-edit ol-docview doc-view filenotify jka-compr image-mode > exif dired dired-loaddefs ol-bibtex ol-bbdb ol-w3m ol-doi org-link-doi > reporter org ob ob-tangle ob-ref ob-lob ob-table ob-exp org-macro > org-footnote org-src ob-comint org-pcomplete pcomplete comint ansi-osc > ansi-color ring org-list org-faces org-entities noutline outline icons > org-version ob-emacs-lisp ob-core ob-eval org-table oc-basic json map > byte-opt gv bytecomp byte-compile cconv bibtex iso8601 time-date subr-x > ol rx org-keys oc org-compat advice org-macs org-loaddefs format-spec > find-func cal-menu calendar cal-loaddefs cl-loaddefs cl-lib rmc > iso-transl tooltip eldoc paren electric uniquify ediff-hook vc-hooks > lisp-float-type elisp-mode mwheel term/x-win x-win term/common-win x-dnd > tool-bar dnd fontset image regexp-opt fringe tabulated-list replace > newcomment text-mode lisp-mode prog-mode register page tab-bar menu-bar > rfn-eshadow isearch easymenu timer select scroll-bar mouse jit-lock > font-lock syntax font-core term/tty-colors frame minibuffer nadvice seq > simple cl-generic indonesian philippine cham georgian utf-8-lang > misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms > cp51932 hebrew greek romanian slovak czech european ethiopic indian > cyrillic chinese composite emoji-zwj charscript charprop case-table > epa-hook jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button > loaddefs faces cus-face macroexp files window text-properties overlay > sha1 md5 base64 format env code-pages mule custom widget keymap > hashtable-print-readable backquote threads dbusbind inotify lcms2 > dynamic-setting system-font-setting font-render-setting cairo x-toolkit > xinput2 x multi-tty make-network-process emacs) > > Memory information: > ((conses 16 180979 11753) > (symbols 48 19853 2) > (strings 32 68758 1519) > (string-bytes 1 2167162) > (vectors 16 37547) > (vector-slots 8 408250 18213) > (floats 8 277 76) > (intervals 56 424 0) > (buffers 1000 12)) > > -- > Jean > > Take action in Free Software Foundation campaigns: > https://www.fsf.org/campaigns > > In support of Richard M. Stallman > https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 22:13 ` Ag Ibragimov @ 2022-10-26 8:28 ` Jean Louis 2022-10-26 13:00 ` Rudolf Adamkovič 0 siblings, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-26 8:28 UTC (permalink / raw) To: Ag Ibragimov; +Cc: bug-gnu-emacs, emacs-orgmode * Ag Ibragimov <agzam.ibragimov@gmail.com> [2022-10-26 01:13]: > Can't you just use one of hooks (e.g., eww-after-render-hook) where you > inspect the URL and if it's .org, just change the mode? > > This should be trivial to do, I think. I need to inspect content type. Not extension. My WWW file may be of HTML content type, while ending with .org, that is not the way: https://www.example.com/my.file.org could have text/html content type. Using extension on WWW is incorrect. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 8:28 ` Jean Louis @ 2022-10-26 13:00 ` Rudolf Adamkovič 2022-10-26 13:42 ` bug#58774: " Jean Louis 0 siblings, 1 reply; 53+ messages in thread From: Rudolf Adamkovič @ 2022-10-26 13:00 UTC (permalink / raw) To: Jean Louis, Ag Ibragimov; +Cc: bug-gnu-emacs, emacs-orgmode Jean Louis <bugs@gnu.support> writes: >> This should be trivial to do, I think. +1 and I say: consider contributing to EWW! I noticed that the EWW manual says PDFs are viewed inline, by default, with doc-view-mode, but this can be customized by using the mailcap (see mailcap in Emacs MIME Manual) mechanism, in particular mailcap-mime-data. For some reason, it made me think that EWW uses MIME correctly. So, I evaluated (add-to-list 'mailcap-mime-data (list "org" (cons 'viewer 'org-mode) (cons 'type "text/x-org"))) but it did not work. What the hack! To satisfy my curiosity, I decided to look at the source code. In eww.el, the eww-render procedure parses the content-type header and stores its value in a local let binding. After that, it dispatches to the various "display" procedures EWW comes with, such as ((equal (car content-type) "application/pdf") (eww-display-pdf)) The eww-display-pdf procedure then looks up the MIME viewer for the application/pdf MIME type specifically. If no dispatch fits, EWW ends up calling eww-display-raw. TL;DR EWW hard-codes a couple of MIME types. You could improve the situation in various ways. For example, you could (1) patch EWW to expose the eww-content-type for the user to use, or (2) patch EWW to look up MIME for not just the PDF. You could hack something local to you as well, but a patch would make EWW better for all of us. So, win-win! Rudy -- "Programming reliably -- must be an activity of an undeniably mathematical nature […] You see, mathematics is about thinking, and doing mathematics is always trying to think as well as possible." -- Edsger W. Dijkstra, 1981 Rudolf Adamkovič <salutis@me.com> [he/him] Studenohorská 25 84103 Bratislava Slovakia ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-26 13:00 ` Rudolf Adamkovič @ 2022-10-26 13:42 ` Jean Louis 0 siblings, 0 replies; 53+ messages in thread From: Jean Louis @ 2022-10-26 13:42 UTC (permalink / raw) To: Rudolf Adamkovič; +Cc: Ag Ibragimov, 58774, emacs-orgmode * Rudolf Adamkovič via "Bug reports for GNU Emacs, the Swiss army knife of text editors <bug-gnu-emacs@gnu.org> [2022-10-26 16:10]: > So, I evaluated > > (add-to-list 'mailcap-mime-data > (list "org" > (cons 'viewer 'org-mode) > (cons 'type "text/x-org"))) > > but it did not work. What the hack! > > To satisfy my curiosity, I decided to look at the source code. Thank you for understanding! > TL;DR EWW hard-codes a couple of MIME types. > > You could improve the situation in various ways. > > For example, you could > > (1) patch EWW to expose the eww-content-type for the user to use, or > (2) patch EWW to look up MIME for not just the PDF. Thank you for understanding. You have given me pointers what to do, my personal case is closed, though I am not the one who knows how to properly patch it, and I do not see yet that there is consensus, as few people did not understand about user preferences and rather speak how EWW should even take care of security issues for user instead of giving user freedom. I have done following to make it work personally: (defvar eww-content-type nil) (put 'eww-content-type 'permanent-local t) ;;; in eww-render I put: ;;; (setq eww-content-type content-type) (defun rcd-eww-content-type () (cond ((string-match-p "text/x-org" (car eww-content-type)) (org-mode)) (t (eww-mode)))) It is not working best, help me if you know how. I wish normal eww-mode when it is not org-mode. (add-hook 'eww-after-render-hook 'rcd-eww-content-type) And now I can browse Org files from within Emacs. Video is here: https://gnu.support/images/gnu-emacs/2022/10/2022-10-26/2022-10-26-16:35:20.ogv -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-25 12:06 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Jean Louis 2022-10-25 15:02 ` Dr. Arne Babenhauserheide 2022-10-25 22:13 ` Ag Ibragimov @ 2022-10-27 4:55 ` Jean Louis 2022-10-27 11:13 ` Dr. Arne Babenhauserheide 2022-10-27 15:35 ` bug#58774: " Max Nikulin 2 siblings, 2 replies; 53+ messages in thread From: Jean Louis @ 2022-10-27 4:55 UTC (permalink / raw) To: bug-gnu-emacs; +Cc: emacs-orgmode * Jean Louis <bugs@gnu.support> [2022-10-25 15:14]: > > This wish request is related to Emacs EWW and Org mode. > > Please make EWW recognize Org file when served by WWW server. Currently > it does not recognize the MIME type text/x-org and opens the file as > text, it does not invoke the org mode. In my opinion, it should. Now is clear that main problem here is that Org advertises somewhere to be "text" in MIME context, while it is not, it is by default "application" and thus unsafe, see: Application Media Types https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.5 and understand difference to: Text Media Types https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1 Thus I suggest that Org changes its MIME type and stop falsely claiming to be "text" in MIME context, but that content type: "application/x-org" become adopted, as that way it will become clear that it is unsafe opening Org as falsely claimed "plain" text. Main reason to change MIME for Org files is that Org is opened mainly by Emacs -- and Emacs itself has programming language built-in. It is equivalent to opening Perl file example.pl with "perl" command. Quote from RFC6838: ------------------- For example, a meeting scheduler might define a standard representation for information about proposed meeting dates. An intelligent user agent would use this information to conduct a dialog with the user, and might then send additional material based on that dialog. More generally, there have been several "active" languages developed in which programs in a suitably specialized language are transported to a remote location and automatically run in the recipient's environment. Such applications may be defined as subtypes of the "application" top-level type. Other comments: one can see from above that MIME types are useful to execute remote programs, and there is nothing fundamentally wrong with it. We can't just speak of safety alone when we are in general computing environment, we must also speak of usefulness. My initial request was not to execute Babel code in Org files or any other code in Org files, but the basic viewing, browsing and linking capacity of Org files, similarly to HTML. My notes are on meta level, they export to Org for presentation purposes. Not really for execution purposes. Though it is also useful. All I want is to access my personal read-only Org files by using WWW and browse from one to the other by using links. While one may achieve similar hyperlinking features with HTML export, exporting to HTML and making sure of details is very bloated activity that also requires much supervision of the presentation. It generates work and takes time. It also requires browsers, separate software to handle Org objects innate to Emacs. Why? Generating Org files with all relational referencing and making them accessible from WWW straight to Emacs makes life simpler. It implies teaching Emacs EWW how to open various content types. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 4:55 ` Jean Louis @ 2022-10-27 11:13 ` Dr. Arne Babenhauserheide 2022-10-27 17:41 ` Jean Louis 2022-10-27 15:35 ` bug#58774: " Max Nikulin 1 sibling, 1 reply; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-27 11:13 UTC (permalink / raw) To: Jean Louis; +Cc: bug-gnu-emacs, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 1946 bytes --] Jean Louis <bugs@gnu.support> writes: > * Jean Louis <bugs@gnu.support> [2022-10-25 15:14]: >> >> This wish request is related to Emacs EWW and Org mode. >> >> Please make EWW recognize Org file when served by WWW server. Currently >> it does not recognize the MIME type text/x-org and opens the file as >> text, it does not invoke the org mode. In my opinion, it should. > > Now is clear that main problem here is that Org advertises somewhere > to be "text" in MIME context, while it is not, it is by default > "application" and thus unsafe, see: > > Application Media Types > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.5 > > and understand difference to: > > Text Media Types > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1 > > Thus I suggest that Org changes its MIME type and stop falsely > claiming to be "text" in MIME context, but that content type: > "application/x-org" become adopted, as that way it will become clear > that it is unsafe opening Org as falsely claimed "plain" text. You are mixing up text/plain and text/*. Orgmode is clearly text/* but not text/plain. From your link: Beyond plain text, there are many formats for representing what might be known as "rich text". An interesting characteristic of many such representations is that they are to some extent readable even without the software that interprets them. It is useful to distinguish them, at the highest level, from such unreadable data as images, audio, or text represented in an unreadable form. In the absence of appropriate interpretation software, it is reasonable to present subtypes of "text" to the user, while it is not reasonable to do so with most non-textual data. Such formatted textual data can be represented using subtypes of "text". Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 11:13 ` Dr. Arne Babenhauserheide @ 2022-10-27 17:41 ` Jean Louis 2022-10-27 21:43 ` Dr. Arne Babenhauserheide 0 siblings, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-27 17:41 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: bug-gnu-emacs, emacs-orgmode * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-27 14:23]: > > Jean Louis <bugs@gnu.support> writes: > > > * Jean Louis <bugs@gnu.support> [2022-10-25 15:14]: > >> > >> This wish request is related to Emacs EWW and Org mode. > >> > >> Please make EWW recognize Org file when served by WWW server. Currently > >> it does not recognize the MIME type text/x-org and opens the file as > >> text, it does not invoke the org mode. In my opinion, it should. > > > > Now is clear that main problem here is that Org advertises somewhere > > to be "text" in MIME context, while it is not, it is by default > > "application" and thus unsafe, see: > > > > Application Media Types > > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.5 > > > > and understand difference to: > > > > Text Media Types > > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1 > > > > Thus I suggest that Org changes its MIME type and stop falsely > > claiming to be "text" in MIME context, but that content type: > > "application/x-org" become adopted, as that way it will become clear > > that it is unsafe opening Org as falsely claimed "plain" text. > > You are mixing up text/plain and text/*. Orgmode is clearly text/* but > not text/plain. From your link: How do I mix it? > Beyond plain text, there are many formats for representing what might > be known as "rich text". An interesting characteristic of many such > representations is that they are to some extent readable even without > the software that interprets them. It is useful to distinguish them, > at the highest level, from such unreadable data as images, audio, or > text represented in an unreadable form. In the absence of > appropriate interpretation software, it is reasonable to present > subtypes of "text" to the user, while it is not reasonable to do so > with most non-textual data. Such formatted textual data can be > represented using subtypes of "text". Org is not just rich text for reason as explained here: https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.5 so I suggest reading it. Examples of content types for some "rich" text formats: .odt OpenDocument text document application/vnd.oasis.opendocument.text .rtf Rich Text Format (RTF) application/rtf .xhtml XHTML application/xhtml+xml xml XML application/xml is recommended as of RFC 7303 (section 4.1), but text/xml is still used sometimes. You can assign a specific MIME type to a file with .xml extension depending on how its contents are meant to be interpreted. For instance, an Atom feed is application/atom+xml, but application/xml serves as a valid default. Review definition of "application/*" type. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 17:41 ` Jean Louis @ 2022-10-27 21:43 ` Dr. Arne Babenhauserheide 0 siblings, 0 replies; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-27 21:43 UTC (permalink / raw) To: Jean Louis; +Cc: bug-gnu-emacs, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 2893 bytes --] Jean Louis <bugs@gnu.support> writes: > * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-27 14:23]: >> >> Jean Louis <bugs@gnu.support> writes: >> >> > * Jean Louis <bugs@gnu.support> [2022-10-25 15:14]: >> >> >> >> This wish request is related to Emacs EWW and Org mode. >> >> >> >> Please make EWW recognize Org file when served by WWW server. Currently >> >> it does not recognize the MIME type text/x-org and opens the file as >> >> text, it does not invoke the org mode. In my opinion, it should. >> > >> > Now is clear that main problem here is that Org advertises somewhere >> > to be "text" in MIME context, while it is not, it is by default >> > "application" and thus unsafe, see: >> > >> > Application Media Types >> > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.5 >> > >> > and understand difference to: >> > >> > Text Media Types >> > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1 >> > >> > Thus I suggest that Org changes its MIME type and stop falsely >> > claiming to be "text" in MIME context, but that content type: >> > "application/x-org" become adopted, as that way it will become clear >> > that it is unsafe opening Org as falsely claimed "plain" text. >> >> You are mixing up text/plain and text/*. Orgmode is clearly text/* but >> not text/plain. From your link: > > How do I mix it? The paragraph about plain text only applies to text/plain. The following paragraph shows clearly that org-mode is rich-text, because it can be read without specialized program. And it is: I sometimes read org-mode documents with nano. >> Beyond plain text, there are many formats for representing what might >> be known as "rich text". An interesting characteristic of many such >> representations is that they are to some extent readable even without >> the software that interprets them. It is useful to distinguish them, >> at the highest level, from such unreadable data as images, audio, or >> text represented in an unreadable form. In the absence of >> appropriate interpretation software, it is reasonable to present >> subtypes of "text" to the user, while it is not reasonable to do so >> with most non-textual data. Such formatted textual data can be >> represented using subtypes of "text". > > Org is not just rich text for reason as explained here: > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.5 so I > suggest reading it. This is information that must be processed by an application before it is viewable or usable by a user" That is very much *not* the case for org-mode documents. You’ll have to quote a specific point you mean, because I do not find anything that supports your point in there. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 4:55 ` Jean Louis 2022-10-27 11:13 ` Dr. Arne Babenhauserheide @ 2022-10-27 15:35 ` Max Nikulin 2022-10-27 17:58 ` Jean Louis ` (2 more replies) 1 sibling, 3 replies; 53+ messages in thread From: Max Nikulin @ 2022-10-27 15:35 UTC (permalink / raw) To: 58774, Org Mode List On 27/10/2022 11:55, Jean Louis wrote: > > Now is clear that main problem here is that Org advertises somewhere > to be "text" in MIME context, while it is not, it is by default > "application" and thus unsafe, see: ... > Text Media Types > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1 I do not see any problem or any difference what MIME type you are going to associate with Org mode. I agree with Arne that text/... type is more appropriate for a format readable as text. I do not see any contradictions with that RFC. "Org Mode Your life in plain text" Chromium is able to display text/x-org internally just as text/plain and I like it as a way to preview and review file contents. I have not managed to configure Firefox to achieve the same behavior that allows to avoid an external application (certainly not Emacs at first). > We can't just speak of safety alone when we are in general > computing environment, we must also speak of usefulness. I do not mind to have org-view-mode that saves me from execution some code unintentionally. Since most of the code was written without having in mind such feature, I expect a lot of iterations before all possibilities to run code will be plumbed. I suspect that it is possible to ruin whole protection by a small piece of elisp code. I am unaware of sandboxing in Emacs. I expect that making Org mode safe enough will require a lot of efforts by developers. Your are pushing Org to rather hostile environment: highly automated attacks to distribute exploits, market of breached computers listening for remote commands. A running cryptominer would be rather innocent consequence, through the same backdoor you may receive an encryptor or various stuff searching for credentials and access tokens in your files. Emacs is protected mostly by its low popularity. A lot of efforts have been invested in browser making attacks more expensive, but still attractive due to possible benefits. I do not like to increase surface for attacks. Someone may create a plugin targeting Emacs users just because it would be easy enough. Consider converting Org files to HTML as an unpleasant tax for the sake of safety. > All I want is to access my personal read-only Org files by using WWW > and browse from one to the other by using links. How are you going to distinguish your personal files and arbitrary files from non-trusted sources? By signing your files and maintaining list of trusted certificates? For personal notes I would expect e.g. private instance of nextcloud file share (that is internally HTTP server), not accessing files directly through HTTP. ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 15:35 ` bug#58774: " Max Nikulin @ 2022-10-27 17:58 ` Jean Louis 2022-10-27 21:49 ` Dr. Arne Babenhauserheide 2022-10-27 18:25 ` Jean Louis 2022-10-27 21:57 ` Dr. Arne Babenhauserheide 2 siblings, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-27 17:58 UTC (permalink / raw) To: Max Nikulin; +Cc: 58774, Org Mode List * Max Nikulin <manikulin@gmail.com> [2022-10-27 18:40]: > On 27/10/2022 11:55, Jean Louis wrote: > > > > Now is clear that main problem here is that Org advertises somewhere > > to be "text" in MIME context, while it is not, it is by default > > "application" and thus unsafe, see: > ... > > Text Media Types > > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1 > > I do not see any problem or any difference what MIME type you are going to > associate with Org mode. I agree with Arne that text/... type is more > appropriate for a format readable as text. I do not see any contradictions > with that RFC. You were the one speaking and reporting that Org executes Emacs Lisp. And now you imply that it is safe to open it because it is text? 👀 If Org or any file implies possible execution when loaded, and Org implies it, it is not any more "text/*" MIME type. From: https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.5 > 4.2.5. Application Media Types > The "application" top-level type is to be used for discrete data that > do not fit under any of the other type names, and particularly for > data to be processed by some type of application program. This is > information that must be processed by an application before it is > viewable or usable by a user. That is exactly the case with Org. Of course, one could minimize org file to empty string, and say this is Org file and there is no execution necessary, so it is "text". Otherwise information must be processed by application which is clearly the Org package before it is viewable or usable by a user. > Expected uses for the "application" type name include but are not > limited to file transfer, spreadsheets, presentations, scheduling > data, and languages for "active" (computational) material. ✔️ YES, we have spreadsheets in Org which results may be viewable only after computed. ✔️ YES, we have scheduling data, which is viewable only in Org agenda or by using computations. ✔️ YES, we have languages for active computational material. > (The last, in particular, can pose security problems that must be > understood by implementors. The "application/postscript" media type > registration in [RFC2046] provides a good example of how to handle > these issues.) > For example, a meeting scheduler might define a standard > representation for information about proposed meeting dates. ✔️ YES, we have that functionality in Org. > An intelligent user agent would use this information to conduct a > dialog with the user, and might then send additional material based > on that dialog. > More generally, there have been several "active" languages developed > in which programs in a suitably specialized language are transported > to a remote location and automatically run in the recipient's > environment. Such applications may be defined as subtypes of the > "application" top-level type. ✔️ YES, that is exactly what we have in Org mode, as Babel allows executions of several active languages, and by transferring Org files, to remote location they may be automatically run in the recipient's environment. > The subtype of "application" will often either be the name or include > part of the name of the application for which the data are intended. > This does not mean, however, that any application program name may > simply be used freely as a subtype of "application"; the subtype needs > to be registered. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 17:58 ` Jean Louis @ 2022-10-27 21:49 ` Dr. Arne Babenhauserheide 0 siblings, 0 replies; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-27 21:49 UTC (permalink / raw) To: Jean Louis; +Cc: Max Nikulin, 58774, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 2984 bytes --] Jean Louis <bugs@gnu.support> writes: > * Max Nikulin <manikulin@gmail.com> [2022-10-27 18:40]: >> On 27/10/2022 11:55, Jean Louis wrote: >> > >> > Now is clear that main problem here is that Org advertises somewhere >> > to be "text" in MIME context, while it is not, it is by default >> > "application" and thus unsafe, see: >> ... >> > Text Media Types >> > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1 >> >> I do not see any problem or any difference what MIME type you are going to >> associate with Org mode. I agree with Arne that text/... type is more >> appropriate for a format readable as text. I do not see any contradictions >> with that RFC. > > You were the one speaking and reporting that Org executes Emacs Lisp. > > And now you imply that it is safe to open it because it is text? 👀 > > If Org or any file implies possible execution when loaded, and Org > implies it, it is not any more "text/*" MIME type. Whether or not something *can* be executed is irrelevant for text/* vs. application/*. Relevant is whether something *must* be executed for the document to be usable. > From: > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.5 > >> 4.2.5. Application Media Types > >> The "application" top-level type is to be used for discrete data that >> do not fit under any of the other type names, and particularly for >> data to be processed by some type of application program. This is >> information that must be processed by an application before it is >> viewable or usable by a user. > > That is exactly the case with Org. Of course, one could minimize org > file to empty string, and say this is Org file and there is no > execution necessary, so it is "text". > > Otherwise information must be processed by application which is > clearly the Org package before it is viewable or usable by a user. #+title: I disagree * Firstoff because this is a valid org-structure. * Second because you can use this. #+begin_src bash echo "even the embedded source here" #+end_src * Test If you could not read the two arguments _without_ first processing this section with org-mode then I am wrong. If so, please tell me /"could not read"/. That said: If you tell me /"could not read"/ I know that you *could* read this section, so you would be wrong. * Conclusion Org mode documents belong into text/* >> Expected uses for the "application" type name include but are not >> limited to file transfer, spreadsheets, presentations, scheduling >> data, and languages for "active" (computational) material. > > ✔️ YES, we have spreadsheets in Org which results may be viewable only > after computed. application/* and text/* are not distinguished by their domain, but by whether they are readable as plain text. Same for your other points. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 15:35 ` bug#58774: " Max Nikulin 2022-10-27 17:58 ` Jean Louis @ 2022-10-27 18:25 ` Jean Louis 2022-10-27 19:53 ` Quiliro Ordóñez 2022-10-27 19:58 ` Quiliro Ordóñez 2022-10-27 21:57 ` Dr. Arne Babenhauserheide 2 siblings, 2 replies; 53+ messages in thread From: Jean Louis @ 2022-10-27 18:25 UTC (permalink / raw) To: Max Nikulin; +Cc: 58774, Org Mode List * Max Nikulin <manikulin@gmail.com> [2022-10-27 18:41]: > Chromium is able to display text/x-org internally just as text/plain and I > like it as a way to preview and review file contents. Org file is for Emacs. It is not for Chromium. Just as you can display application/json in Chromium as text, does not make application/json less "application/*" MIME type. Displaying Org in Chromium is useless, as I cannot use Org features, Chromium is not for that, and it's not suitable example. Suitable example is that Chromium may be configured to open Org file correctly with Emacs and as you have mentioned, there will be executions. > I have not managed to configure Firefox to achieve the same behavior > that allows to avoid an external application (certainly not Emacs at > first). I wonder on which mailing list I am. Of course I want Org file be opened by Emacs. I am user of Org files and Emacs. I am not vim user (unless Emacs flunks). > > We can't just speak of safety alone when we are in general > > computing environment, we must also speak of usefulness. > > I do not mind to have org-view-mode that saves me from execution some code > unintentionally. Since most of the code was written without having in mind > such feature, I expect a lot of iterations before all possibilities to run > code will be plumbed. I suspect that it is possible to ruin whole protection > by a small piece of elisp code. I am unaware of sandboxing in Emacs. I > expect that making Org mode safe enough will require a lot of efforts by > developers. Exactly. > Your are pushing Org to rather hostile environment: highly automated > attacks to distribute exploits, market of breached computers > listening for remote commands. Tittle-tattle. 😵💫 But America has been already discovered. Remember, any type of application, software, is already for billions of times delivered by Internet and executed on user's devices. Flatpak, APK, EXE files, Java, shell files, hoooooo, too long list. And where we are now? In Emacs world, where packages are distributed from all kinds of sources and executed on users's computers. "Pushing Org" to rather hostile environment is exaggeration. > A running cryptominer would be rather innocent consequence, through > the same backdoor you may receive an encryptor or various stuff > searching for credentials and access tokens in your files. Of course I understand that. Do you wish to say that users should not have the freedom to customize web browser to click on Org file and open it with Emacs? Are we not on Emacs related mailing list? If I am pushing Org into hostile environment, than you are implying that we as Org users are hostile environemnt. Are we really? > Emacs is protected mostly by its low popularity. A lot of efforts > have been invested in browser making attacks more expensive, but > still attractive due to possible benefits. I do not like to increase > surface for attacks. Someone may create a plugin targeting Emacs > users just because it would be easy enough. And? > Consider converting Org files to HTML as an unpleasant tax for the > sake of safety. Personally, definitely not. Such files do not give me freedom to work with my Org data. It is way of presenting things, not handling it. > > All I want is to access my personal read-only Org files by using WWW > > and browse from one to the other by using links. > > How are you going to distinguish your personal files and arbitrary files > from non-trusted sources? By signing your files and maintaining list of > trusted certificates? 🤣 Am I Joe Biden or other gaga that I do not know what are my files? > For personal notes I would expect e.g. private instance of nextcloud > file share (that is internally HTTP server), not accessing files > directly through HTTP. HTTP is transfer protocol, not my mamma to tell me what I am going to transfer in my room. Nextcloud is application that runs on computer and is served by web server. It allows file share to public as well. I understand your point of protecting private files on web server. That shall be natural to every person hosting such files. Nextcloud is bloated way to do such hosting. Simplest way to protect files is to upload files and use web server authentication. And web server does not mean that files are distributed on public WWW. We use here ethernet, and we share files from device to device by using HTTP server. You can't access those files, they are beyond public IP address space. I need help to make it work right, can you help? I load this: (defvar eww-content-type nil) (put 'eww-content-type 'permanent-local t) then I put this below in `eww-render' after (let ;;; (setq eww-content-type content-type) Then I use this: (defun rcd-eww-content-type () (cond ((string-match-p "text/x-org" (car eww-content-type)) (org-mode)) (t WHAT-HERE?))) (add-hook 'eww-after-render-hook 'rcd-eww-content-type) But I am doing it wrong, that will correctly invoke org mode, but then it does not return back to normal EWW work. I have tried to remember the major mode and invoke it again. But it is not that it works. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 18:25 ` Jean Louis @ 2022-10-27 19:53 ` Quiliro Ordóñez 2022-10-27 19:58 ` Quiliro Ordóñez 1 sibling, 0 replies; 53+ messages in thread From: Quiliro Ordóñez @ 2022-10-27 19:53 UTC (permalink / raw) To: Max Nikulin, 58774, Org Mode List El 2022-10-27 13:25, Jean Louis escribió: > But I am doing it wrong, that will correctly invoke org mode, but then > it does not return back to normal EWW work. I have tried to remember > the major mode and invoke it again. But it is not that it works. Isn't that what hooks do? Perhaps I did not understand them correctly. ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 18:25 ` Jean Louis 2022-10-27 19:53 ` Quiliro Ordóñez @ 2022-10-27 19:58 ` Quiliro Ordóñez 1 sibling, 0 replies; 53+ messages in thread From: Quiliro Ordóñez @ 2022-10-27 19:58 UTC (permalink / raw) To: Max Nikulin, 58774, Org Mode List I think that this would be very useful for me. In fact, it would be a good way to make Emac work without being a tool for corporations (as Firefox is) to control user's computers (unless the user decides to allow running Babel by default). Maybe even Gemini is a good candidate to work this out. ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 15:35 ` bug#58774: " Max Nikulin 2022-10-27 17:58 ` Jean Louis 2022-10-27 18:25 ` Jean Louis @ 2022-10-27 21:57 ` Dr. Arne Babenhauserheide 2022-10-27 22:18 ` Jean Louis 2022-10-27 23:20 ` Ihor Radchenko 2 siblings, 2 replies; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-27 21:57 UTC (permalink / raw) To: Max Nikulin; +Cc: 58774, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 1040 bytes --] Max Nikulin <manikulin@gmail.com> writes: > How are you going to distinguish your personal files and arbitrary > files from non-trusted sources? By signing your files and maintaining > list of trusted certificates? One idea that could work well is to add an explicit allow-list trusted-sources-to-allow-unsafe-modes with entries of domain and path-prefix where people can add trusted sources. If for example my server were draketo.de,¹ I could set this list to '(("https://www.draketo.de" "/software")) and when I would then open a link like https://www.draketo.de/software/advent-of-wisp-code-2021.org with eww, it would directly switch to org-mode. If, however, I would open the link https://draketo.de.evil.attacks/software/advent-of-wisp-code-2021.org with eww, it would display it as plain text, because it would not be in the list of trusted sources. Best wishes, Arne ¹: hypothetically speaking :-) -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 21:57 ` Dr. Arne Babenhauserheide @ 2022-10-27 22:18 ` Jean Louis 2022-10-27 23:14 ` Dr. Arne Babenhauserheide 2022-10-27 23:20 ` Ihor Radchenko 1 sibling, 1 reply; 53+ messages in thread From: Jean Louis @ 2022-10-27 22:18 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: Max Nikulin, 58774, emacs-orgmode * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-28 01:11]: > > Max Nikulin <manikulin@gmail.com> writes: > > > How are you going to distinguish your personal files and arbitrary > > files from non-trusted sources? By signing your files and maintaining > > list of trusted certificates? > > One idea that could work well is to add an explicit allow-list > trusted-sources-to-allow-unsafe-modes with entries of domain and > path-prefix where people can add trusted sources. That implies that for every content type you are supposed to do the same. And what makes you want to limit people how they want to run their Org files? -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 22:18 ` Jean Louis @ 2022-10-27 23:14 ` Dr. Arne Babenhauserheide 0 siblings, 0 replies; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-27 23:14 UTC (permalink / raw) To: Jean Louis; +Cc: Max Nikulin, 58774, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 1186 bytes --] Jean Louis <bugs@gnu.support> writes: > * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-28 01:11]: >> >> Max Nikulin <manikulin@gmail.com> writes: >> >> > How are you going to distinguish your personal files and arbitrary >> > files from non-trusted sources? By signing your files and maintaining >> > list of trusted certificates? >> >> One idea that could work well is to add an explicit allow-list >> trusted-sources-to-allow-unsafe-modes with entries of domain and >> path-prefix where people can add trusted sources. > > That implies that for every content type you are supposed to do the > same. No, you misunderstood the proposal. > And what makes you want to limit people how they want to run their Org > files? The wish to limit the fallout when¹ this gets weaponized by criminals. If you explicitly allow-list trusted sources, bad actors have to take over your trusted server to attack you. That’s much less likely than bad actors taking over some random long-unmainted server of a link you stumbled upon. ¹: when, not if. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 21:57 ` Dr. Arne Babenhauserheide 2022-10-27 22:18 ` Jean Louis @ 2022-10-27 23:20 ` Ihor Radchenko 2022-10-28 8:28 ` Dr. Arne Babenhauserheide 1 sibling, 1 reply; 53+ messages in thread From: Ihor Radchenko @ 2022-10-27 23:20 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: Max Nikulin, 58774, emacs-orgmode "Dr. Arne Babenhauserheide" <arne_bab@web.de> writes: > Max Nikulin <manikulin@gmail.com> writes: > >> How are you going to distinguish your personal files and arbitrary >> files from non-trusted sources? By signing your files and maintaining >> list of trusted certificates? > > One idea that could work well is to add an explicit allow-list > trusted-sources-to-allow-unsafe-modes with entries of domain and > path-prefix where people can add trusted sources. > > If for example my server were draketo.de,¹ I could set this list to > > '(("https://www.draketo.de" "/software")) > > and when I would then open a link like > > https://www.draketo.de/software/advent-of-wisp-code-2021.org > > with eww, it would directly switch to org-mode. > > > If, however, I would open the link > > https://draketo.de.evil.attacks/software/advent-of-wisp-code-2021.org > > with eww, it would display it as plain text, because it would not be in > the list of trusted sources. I am a bit lost about the aim of this tread, but let me share some existing remote resource controls we have employed on the latest Org: (defun org--should-fetch-remote-resource-p (uri) "Return non-nil if the URI should be fetched." (defun org--safe-remote-resource-p (uri) "Return non-nil if URI is considered safe. This checks every pattern in `org-safe-remote-resources', and returns non-nil if any of them match." (defun org--confirm-resource-safe (uri) "Ask the user if URI should be considered safe, returning non-nil if so." You can check the implementation at https://git.savannah.gnu.org/cgit/emacs/org-mode.git/tree/lisp/org.el#n4540 -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92> ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-27 23:20 ` Ihor Radchenko @ 2022-10-28 8:28 ` Dr. Arne Babenhauserheide 2022-11-02 4:09 ` Ihor Radchenko 0 siblings, 1 reply; 53+ messages in thread From: Dr. Arne Babenhauserheide @ 2022-10-28 8:28 UTC (permalink / raw) To: Ihor Radchenko; +Cc: Max Nikulin, 58774, emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 1608 bytes --] Ihor Radchenko <yantar92@posteo.net> writes: > "Dr. Arne Babenhauserheide" <arne_bab@web.de> writes: > >> One idea that could work well is to add an explicit allow-list >> trusted-sources-to-allow-unsafe-modes with entries of domain and >> path-prefix where people can add trusted sources. >> >> If for example my server were draketo.de,¹ I could set this list to >> >> '(("https://www.draketo.de" "/software")) >> >> and when I would then open a link like >> >> https://www.draketo.de/software/advent-of-wisp-code-2021.org >> >> with eww, it would directly switch to org-mode. > > I am a bit lost about the aim of this tread, but let me share some > existing remote resource controls we have employed on the latest Org: > (defun org--safe-remote-resource-p (uri) > "Return non-nil if URI is considered safe. > This checks every pattern in `org-safe-remote-resources', and > returns non-nil if any of them match." > You can check the implementation at > https://git.savannah.gnu.org/cgit/emacs/org-mode.git/tree/lisp/org.el#n4540 That’s pretty awesome! Thank you! So we could have companywide shared setupfiles without granting ssh-access to machines … … and to the topic: this may be something that could be re-used in eww. Though I would prefer having a less-intrusive notification than a y-n question; maybe just a message in the echo area that with a specific command this uri could be marked as safe and then get interpreted as org right away. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 53+ messages in thread
* Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly 2022-10-28 8:28 ` Dr. Arne Babenhauserheide @ 2022-11-02 4:09 ` Ihor Radchenko 0 siblings, 0 replies; 53+ messages in thread From: Ihor Radchenko @ 2022-11-02 4:09 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: Max Nikulin, 58774, emacs-orgmode "Dr. Arne Babenhauserheide" <arne_bab@web.de> writes: > … and to the topic: this may be something that could be re-used in > eww. Yup. Or Emacs could even provide a unified interface to ask security questions. > Though I would prefer having a less-intrusive notification than a y-n > question; maybe just a message in the echo area that with a specific > command this uri could be marked as safe and then get interpreted as org > right away. We have modelled the dialogue after what Emacs does for file-local variables. This kind of security questions should be very clearly visible and, ideally, unified to make sure that users can easily distinguish important queries. -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92> ^ permalink raw reply [flat|nested] 53+ messages in thread
end of thread, other threads:[~2022-11-02 4:10 UTC | newest] Thread overview: 53+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-10-25 12:06 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Jean Louis 2022-10-25 15:02 ` Dr. Arne Babenhauserheide 2022-10-25 19:56 ` Jean Louis 2022-10-25 21:54 ` Dr. Arne Babenhauserheide 2022-10-26 7:57 ` Jean Louis 2022-10-26 11:55 ` Dr. Arne Babenhauserheide 2022-10-26 12:20 ` Jean Louis 2022-10-26 12:45 ` Andreas Schwab 2022-10-26 13:19 ` bug#58774: " Jean Louis 2022-10-26 13:55 ` Andreas Schwab 2022-10-26 17:36 ` Jean Louis 2022-10-27 7:58 ` Andreas Schwab 2022-10-27 8:40 ` Jean Louis 2022-10-27 11:22 ` Andreas Schwab 2022-10-27 11:23 ` Dr. Arne Babenhauserheide 2022-10-26 7:59 ` Jean Louis 2022-10-25 23:03 ` Ihor Radchenko 2022-10-26 6:07 ` bug#58774: " Stefan Kangas 2022-10-26 6:52 ` Ihor Radchenko 2022-10-26 8:24 ` Jean Louis 2022-10-26 20:22 ` indieterminacy 2022-10-26 11:30 ` Dr. Arne Babenhauserheide 2022-10-26 21:41 ` Tim Cross 2022-10-27 10:43 ` Dr. Arne Babenhauserheide 2022-10-26 13:15 ` Stefan Kangas 2022-10-26 8:21 ` Jean Louis 2022-10-26 17:07 ` Max Nikulin 2022-10-26 18:37 ` Jean Louis 2022-10-26 21:16 ` Dr. Arne Babenhauserheide 2022-10-27 4:25 ` tomas 2022-10-27 11:10 ` Dr. Arne Babenhauserheide 2022-10-26 21:56 ` indieterminacy 2022-10-26 20:00 ` Tim Cross 2022-10-25 22:13 ` Ag Ibragimov 2022-10-26 8:28 ` Jean Louis 2022-10-26 13:00 ` Rudolf Adamkovič 2022-10-26 13:42 ` bug#58774: " Jean Louis 2022-10-27 4:55 ` Jean Louis 2022-10-27 11:13 ` Dr. Arne Babenhauserheide 2022-10-27 17:41 ` Jean Louis 2022-10-27 21:43 ` Dr. Arne Babenhauserheide 2022-10-27 15:35 ` bug#58774: " Max Nikulin 2022-10-27 17:58 ` Jean Louis 2022-10-27 21:49 ` Dr. Arne Babenhauserheide 2022-10-27 18:25 ` Jean Louis 2022-10-27 19:53 ` Quiliro Ordóñez 2022-10-27 19:58 ` Quiliro Ordóñez 2022-10-27 21:57 ` Dr. Arne Babenhauserheide 2022-10-27 22:18 ` Jean Louis 2022-10-27 23:14 ` Dr. Arne Babenhauserheide 2022-10-27 23:20 ` Ihor Radchenko 2022-10-28 8:28 ` Dr. Arne Babenhauserheide 2022-11-02 4:09 ` Ihor Radchenko
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/emacs/org-mode.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).