|
| From: | Max Nikulin |
| Subject: | Re: [BUG] Org may fetch remote content without asking user consent |
| Date: | Wed, 7 Feb 2024 23:39:52 +0700 |
| User-agent: | Mozilla Thunderbird |
On 07/02/2024 23:12, Ihor Radchenko wrote:
Max Nikulin writes:#+setupfile: /dav:localhost#8000:/msg-123456.org
[...]
I think we can enable checking for anything where `file-remote-p' returns non-nil.
It is a bit more tricky. Current file may be remote as well. Browsers have concept of same origin for applying security and privacy measures. Org needs something similar. In addition, TRAMP locations should be checked against `org-safe-remote-resources' as well.
| [Prev in Thread] | Current Thread | [Next in Thread] |