emacs-orgmode
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BUG] Org may fetch remote content without asking user consent

From: Ihor Radchenko
Subject: Re: [BUG] Org may fetch remote content without asking user consent
Date: Wed, 07 Feb 2024 17:10:25 +0000 
Max Nikulin <manikulin@gmail.com> writes:

> On 07/02/2024 23:12, Ihor Radchenko wrote:
>> Max Nikulin writes:
>> 
>>> #+setupfile: /dav:localhost#8000:/msg-123456.org
> [...]
>> I think we can enable checking for anything where `file-remote-p'
>> returns non-nil.

> ... In addition, TRAMP locations should be 
> checked against `org-safe-remote-resources' as well.

This is what I propose. `file-remote-p' will return non-nil on TRAMP locations.

> It is a bit more tricky. Current file may be remote as well. Browsers 
> have concept of same origin for applying security and privacy measures. 
> Org needs something similar.

May you please elaborate?

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]