Re: [BUG] Unsolicited download of remote resources

[Ihor Radchenko]

Max Nikulin <manikulin@gmail.com> writes:

> However it may be unclear for users that setting `t' for 
> `org-resource-download-policy' is dangerous if they use Emacs as a mail 
> client or as a handler for opening links to .org files in browsers. I 
> would consider adding "dangerous" to the label of this option and a 
> warning to the docscring.

Would you be interested to submit a patch?

> Another my concern is an attack using an attachments with multiple 
> "#+setupfile:" keywords with remote URIs. Users will be tired declining 
> specific download requests without an option to ignore all remote 
> resources. I hope, C-g it is obvious enough and it works in gnus&Co. I 
> am unsure how to implement in Emacs an approach used e.g. in 
> Thunderbird. Remote content is blocked till an explicit user action and 
> a yellow bar with an unblock button is displayed at the top of the 
> message body pane.

I am not in favor of creating such new interface as a part of Org mode.
You can propose it to Emacs upstream. If they are interested, it is
something we may consider. However, there have been multiple discussions
about delayed prompts in the context of async ELisp evaluation - AFAIR,
such ideas were not welcome on the grounds that such prompts may be
missed by the users.

What we can do is adding a new answer - "N" aka "no for all for the
duration of current command".

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>