Max Nikulin <[email protected]> writes: > How are you going to distinguish your personal files and arbitrary > files from non-trusted sources? By signing your files and maintaining > list of trusted certificates?
One idea that could work well is to add an explicit allow-list
trusted-sources-to-allow-unsafe-modes with entries of domain and
path-prefix where people can add trusted sources.
If for example my server were draketo.de,¹ I could set this list to
'(("https://www.draketo.de"; "/software"))
and when I would then open a link like
https://www.draketo.de/software/advent-of-wisp-code-2021.org
with eww, it would directly switch to org-mode.
If, however, I would open the link
https://draketo.de.evil.attacks/software/advent-of-wisp-code-2021.org
with eww, it would display it as plain text, because it would not be in
the list of trusted sources.
Best wishes,
Arne
¹: hypothetically speaking :-)
--
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de
signature.asc
Description: PGP signature
