Re: [BUG] Org may fetch remote content without asking user consent

2024-02-13 Thread Ihor Radchenko
Max Nikulin writes:
> On 08/02/2024 22:07, Ihor Radchenko wrote:
>>
>> `org--safe-remote-resource-p' checks the containing Org file as well, in
>> addition to #+included URL.
>
> If my reading of the code is correct then it considers
> /ssh:host:org/include.org as safe if

Re: [BUG] Org may fetch remote content without asking user consent

2024-02-11 Thread Max Nikulin
On 08/02/2024 22:07, Ihor Radchenko wrote: Max Nikulin writes: Max Nikulin writes: Browsers have concept of same origin for applying security and privacy measures. Consider a file opened as /ssh:host:org/test.org that has #+setupfile: /ssh:host:org/include.org Formally it is a remote

Re: [BUG] Org may fetch remote content without asking user consent

2024-02-08 Thread Ihor Radchenko
Max Nikulin writes:
> On 08/02/2024 00:10, Ihor Radchenko wrote:
>> Max Nikulin writes:
>>
>>> It is a bit more tricky. Current file may be remote as well. Browsers
>>> have concept of same origin for applying security and privacy measures.
>>> Org needs something similar.
>>
>> May you please

Re: [BUG] Org may fetch remote content without asking user consent

2024-02-08 Thread Max Nikulin
On 08/02/2024 00:10, Ihor Radchenko wrote: Max Nikulin writes: It is a bit more tricky. Current file may be remote as well. Browsers have concept of same origin for applying security and privacy measures. Org needs something similar. May you please elaborate? Consider a file opened as

Re: [BUG] Org may fetch remote content without asking user consent

2024-02-07 Thread Ihor Radchenko
Max Nikulin writes:
> On 07/02/2024 23:12, Ihor Radchenko wrote:
>> Max Nikulin writes:
>>
>>> #+setupfile: /dav:localhost#8000:/msg-123456.org
> [...]
>> I think we can enable checking for anything where `file-remote-p'
>> returns non-nil.
> ... In addition, TRAMP locations should be
>

Re: [BUG] Org may fetch remote content without asking user consent

2024-02-07 Thread Max Nikulin
On 07/02/2024 23:12, Ihor Radchenko wrote: Max Nikulin writes: #+setupfile: /dav:localhost#8000:/msg-123456.org [...] I think we can enable checking for anything where `file-remote-p' returns non-nil. It is a bit more tricky. Current file may be remote as well. Browsers have concept of

Re: [BUG] Org may fetch remote content without asking user consent

2024-02-07 Thread Ihor Radchenko
Max Nikulin writes:
> Consider the following .org file:
>
> --- 8< ---
> #+setupfile: /dav:localhost#8000:/msg-123456.org
> --- >8 ---
>
> When Emacs opens it, HTTP server (plain HTTP, not WebDAV is used for
> test) logs contain
> ...
> Emacs *Messages* buffer:
>
> Tramp: Opening connection for