Max Nikulin <maniku...@gmail.com> writes: > On 08/02/2024 00:10, Ihor Radchenko wrote: >> Max Nikulin writes: >> >>> It is a bit more tricky. Current file may be remote as well. Browsers >>> have concept of same origin for applying security and privacy measures. >>> Org needs something similar. >> >> May you please elaborate? > > Consider a file opened as /ssh:host:org/test.org that has > > #+setupfile: /ssh:host:org/include.org > > Formally it is a remote file, actually it resides on the same host as > the current document. Perhaps user consent is redundant.
`org--safe-remote-resource-p' checks the containing Org file as well, in addition to #+included URL. > ... > or the user has /ssh:host:org/ in the list of safe URIs. So there is no > need to treat such coincidence in a special way. I think that it is indeed good enough. > I am not confident in proper policy though. When some URI matches a > pattern in the safe list, likely it is suitable for files created by the > user and it is not really safe to allow it for a mail message attachment. May you elaborate? > Default protection should not be excessively strict, otherwise users > will disable it completely. Agree. -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92>