[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [BUG] Org may fetch remote content without asking user consent
From: |
Max Nikulin |
Subject: |
Re: [BUG] Org may fetch remote content without asking user consent |
Date: |
Thu, 8 Feb 2024 17:50:38 +0700 |
User-agent: |
Mozilla Thunderbird |
On 08/02/2024 00:10, Ihor Radchenko wrote:
Max Nikulin writes:
It is a bit more tricky. Current file may be remote as well. Browsers
have concept of same origin for applying security and privacy measures.
Org needs something similar.
May you please elaborate?
Consider a file opened as /ssh:host:org/test.org that has
#+setupfile: /ssh:host:org/include.org
Formally it is a remote file, actually it resides on the same host as
the current document. Perhaps user consent is redundant.
On the other hand, the file likely either contains
#+setupfile: include.org
or the user has /ssh:host:org/ in the list of safe URIs. So there is no
need to treat such coincidence in a special way.
I am not confident in proper policy though. When some URI matches a
pattern in the safe list, likely it is suitable for files created by the
user and it is not really safe to allow it for a mail message attachment.
Default protection should not be excessively strict, otherwise users
will disable it completely.