1 Return-Path: <dkg@fifthhorseman.net>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id A301A431FC9
\r
6 for <notmuch@notmuchmail.org>; Fri, 23 Jan 2015 10:26:42 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=2.438 tagged_above=-999 required=5
\r
12 tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled
\r
13 Received: from olra.theworths.org ([127.0.0.1])
\r
14 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id 5g2P3d-CsXlb for <notmuch@notmuchmail.org>;
\r
16 Fri, 23 Jan 2015 10:26:39 -0800 (PST)
\r
17 Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
\r
18 by olra.theworths.org (Postfix) with ESMTP id 63E34431FBC
\r
19 for <notmuch@notmuchmail.org>; Fri, 23 Jan 2015 10:26:39 -0800 (PST)
\r
20 Received: from fifthhorseman.net (unknown [38.109.115.130])
\r
21 by che.mayfirst.org (Postfix) with ESMTPSA id 4BBF4F984
\r
22 for <notmuch@notmuchmail.org>; Fri, 23 Jan 2015 13:26:36 -0500 (EST)
\r
23 Received: by fifthhorseman.net (Postfix, from userid 1000)
\r
24 id 9531E2039E; Fri, 23 Jan 2015 13:26:43 -0500 (EST)
\r
25 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
\r
26 To: notmuch@notmuchmail.org
\r
27 Subject: Re: [PATCH] emacs: show: allow user to hide some mime types
\r
29 In-Reply-To: <cun8ugu3qt6.fsf@gargravarr.hh.sledj.net>
\r
30 References: <1421960852-26424-1-git-send-email-markwalters1009@gmail.com>
\r
31 <cun8ugu3qt6.fsf@gargravarr.hh.sledj.net>
\r
32 User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1
\r
33 (x86_64-pc-linux-gnu)
\r
34 Date: Fri, 23 Jan 2015 13:26:43 -0500
\r
35 Message-ID: <87ppa5jqu4.fsf@alice.fifthhorseman.net>
\r
37 Content-Type: text/plain
\r
38 X-BeenThere: notmuch@notmuchmail.org
\r
39 X-Mailman-Version: 2.1.13
\r
41 List-Id: "Use and development of the notmuch mail system."
\r
42 <notmuch.notmuchmail.org>
\r
43 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
44 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
45 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
46 List-Post: <mailto:notmuch@notmuchmail.org>
\r
47 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
48 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
49 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
50 X-List-Received-Date: Fri, 23 Jan 2015 18:26:42 -0000
\r
52 On Fri 2015-01-23 02:21:41 -0500, David Edmondson wrote:
\r
53 > Whilst I think that having this knob is a good thing, I don't think that
\r
54 > it's a solution to the 'text/html renderers access the network'
\r
55 > problem. I can't sensibly (and don't wish to) disable the display of
\r
56 > text/html parts by default (colleagues generate too many text/html
\r
57 > messages to make that feasible, and I have rss2imap generate a bunch of
\r
58 > text/html messages that I want to see in their full glory), but would
\r
59 > definitely like to choose whether a message can sell me out to
\r
62 > I'm trying to say that this is good, but let's not get into the habit of
\r
63 > telling someone that complains about network access that adding
\r
64 > text/html to `notmuch-show-always-hide-types' is the solution.
\r
66 I agree with this sentiment. I had been grousing earlier (off-list)
\r
67 about rendering html messages in general (i don't like exposing
\r
68 arbitrary attacker-delivered content to a complicated parser where i can
\r
69 avoid it), so i see Mark's patch as a useful tool to prevent that
\r
70 problem, not about remote network access during render.
\r
72 preventing network access from html-rendered messages is better handled
\r
73 in a workaround by (gnus-blocked-images "."), though notmuch should
\r
74 enforce this setting by default when rendering html parts.
\r
projects / notmuch-archives.git / blob