Re: Link considered unsafe

[Katsumi Yamaoka]

>>>>> Ted Zlatanov wrote:
> On Thu, 30 Jul 2009 16:03:39 -0700 (PDT) ky <yamaoka@jpl.org> wrote:

>>>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote:
k> [...]
>>> Actually I was wondering why it is unsafe to visit links in w3m.  If
>>> anything, w3m is the safest web browser I use daily, much better than
>>> IE, Firefox, Chrome, Opera, or Safari because it doesn't even attempt to
>>> run JavaScript.  What personal information is this talking about?
k> [...]

k> We considered image tags, that will be accessed without clicking
k> those links.  By special letters laid in the url, spammers will
k> know that your mail address is reachable.

> The problems are:

> 1) all image links are disabled because of this small improvement in security

> 2) it's impossible to configure by a regular user, and (I would argue)
> very hard even by an expert, with a regex.

> I thought about it, and have some suggestions:

> - always allow image links in RSS (nnrss should set it, or mm-w3m-*
>   should be aware it's inside a nnrss article buffer)

Maybe the groups can be controllable.  For example:

(defcustom mm-w3m-safe-groups "\\`nnrss[+:]"
  "Groups in which html articles are considered all safe.
The value may be a regexp matching those groups, a list of group names,
or nil.  This overrides `mm-w3m-safe-url-regexp'.")

That looks good and easy to implement, though I have no time for
the moment.

> - allow a 'ask option so the user can build a whitelist of approved
>   servers, and save that whitelist

> - allow image links if the headers or spam.el say it's not spam

> I don't know what's the right approach, but I hope you will consider my
> suggestions.

> Ted

BTW, don't all you know the way to access unsafe links?  That is
`C-u RET' on links in html articles.

Regards,

P.S. I'm going to go to the business trip, so I may not have time
to read news for some time.