>>>>> Ted Zlatanov wrote: > On Thu, 30 Jul 2009 16:03:39 -0700 (PDT) ky <[email protected]> wrote:
>>>>>>> Ted Zlatanov <[email protected]> wrote: k> [...] >>> Actually I was wondering why it is unsafe to visit links in w3m. If >>> anything, w3m is the safest web browser I use daily, much better than >>> IE, Firefox, Chrome, Opera, or Safari because it doesn't even attempt to >>> run JavaScript. What personal information is this talking about? k> [...] k> We considered image tags, that will be accessed without clicking k> those links. By special letters laid in the url, spammers will k> know that your mail address is reachable. > The problems are: > 1) all image links are disabled because of this small improvement in security > 2) it's impossible to configure by a regular user, and (I would argue) > very hard even by an expert, with a regex. > I thought about it, and have some suggestions: > - always allow image links in RSS (nnrss should set it, or mm-w3m-* > should be aware it's inside a nnrss article buffer) Maybe the groups can be controllable. For example: (defcustom mm-w3m-safe-groups "\\`nnrss[+:]" "Groups in which html articles are considered all safe. The value may be a regexp matching those groups, a list of group names, or nil. This overrides `mm-w3m-safe-url-regexp'.") That looks good and easy to implement, though I have no time for the moment. > - allow a 'ask option so the user can build a whitelist of approved > servers, and save that whitelist > - allow image links if the headers or spam.el say it's not spam > I don't know what's the right approach, but I hope you will consider my > suggestions. > Ted BTW, don't all you know the way to access unsafe links? That is `C-u RET' on links in html articles. Regards, P.S. I'm going to go to the business trip, so I may not have time to read news for some time. _______________________________________________ info-gnus-english mailing list [email protected] http://lists.gnu.org/mailman/listinfo/info-gnus-english
