
Re: Markup in mail messages



As for the original question, I'd recommend that whoever is having the issue with the version of Emacs in Debian being out of date. I've done a custom compiled gcc-14.1.0 by hand on a fresh install of Debian Bookworm; however, I can also understand that certain people on this mailing list don't have the time. I've also never really used Emacs as I came over to GNU/Linux from the later generations of the 9.x series of Windows in the early to mid 2000s.

On 5/17/24 20:31, Max Nikulin wrote:
On 18/05/2024 02:25, Stefan Monnier wrote:
Actually I've been tempted to teach my mail reader to transform HTML
into some lightweight markup (yeah, you need a bit of heuristics for
that ;-) -- say Org, but why not its poor sister Markdown.
Please don't settle for markdown. I would love a org filter!
org-mode just handles tabular data admirably 🙂

Just beware that Org's code is generally written under the implicit
assumption that the Org document is trusted, so if you try to reuse
parts of Org's code to do the rendering be extra mindful of the
potential for security holes.

Leaving aside that in bookworm emacs has not got an update fixing a serious security issue, do you have an example of HTML to Org converter that may generate unsafe markup?

Specifically to tables, I do not like that arbitrary code may be executed in response to TAB or C-c C-c. However I am unsure if formulas may appear in an Org file converted from HTML.

emacs-orgmode. Re: [BUG][Security] begin_src :var evaluated before the prompt to confirm execution. Fri, 28 Oct 2022 11:11:18 +0700.
https://list.orgmode.org/tjfkp7$ggm$1@ciao.gmane.io

[ This applies to many other ELisp packages, of course; it's not
   exclusive to Org.  ]

Yesterday reading bug reports and emacs-devel threads related to emacsclient-mail.desktop, I noticed the following:
IMHO we should stop kow-towing to the information security people who
make a huge fuss over every single bug, especially bugs like this one
which only show up when you specifically try to trigger them.
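
An added example, not part of the thread and not Org's own code: a pre-filter a mail reader could run on the output of an HTML-to-Org converter to flag and disable the constructs discussed above (table formulas, `begin_src` blocks with `:var`) before Org code touches the text. The names `scan` and `neutralize` are hypothetical, `#+call:` goes beyond what the thread mentions, and the pattern list is an assumption that does not cover everything Org can evaluate.

```python
import re

# Constructs Org may evaluate; Org keywords are case-insensitive.
TBLFM = re.compile(r"^\s*#\+tblfm:", re.I)
BEGIN_SRC = re.compile(r"^(\s*)#\+begin_src\b(.*)$", re.I)
END_SRC = re.compile(r"^(\s*)#\+end_src\b", re.I)
CALL = re.compile(r"^\s*#\+call:", re.I)
VAR_ARG = re.compile(r"(?:^|\s):var\s", re.I)

def scan(org_text):
    """Return (line_number, kind) for each construct Org could evaluate."""
    findings = []
    for n, line in enumerate(org_text.splitlines(), 1):
        m = BEGIN_SRC.match(line)
        if TBLFM.match(line):
            findings.append((n, "table-formula"))
        elif CALL.match(line):
            findings.append((n, "babel-call"))
        elif m:
            kind = "src-block-with-var" if VAR_ARG.search(m.group(2)) else "src-block"
            findings.append((n, kind))
    return findings

def neutralize(org_text):
    """Rewrite active constructs into inert ones: comments and example blocks."""
    out = []
    for line in org_text.splitlines():
        if TBLFM.match(line) or CALL.match(line):
            out.append("# disabled: " + line.strip())   # "# " starts an Org comment
        elif BEGIN_SRC.match(line):
            out.append(BEGIN_SRC.sub(r"\1#+begin_example", line))  # drops header args
        elif END_SRC.match(line):
            out.append(END_SRC.sub(r"\1#+end_example", line))
        else:
            out.append(line)
    return "\n".join(out)

# Constructed sample: what a converter might emit from an untrusted HTML mail.
SAMPLE = """\
| item | price |
|------+-------|
| a    |     1 |
#+TBLFM: $2='(message "constructed placeholder")
#+begin_src sh :var x=(message "constructed placeholder")
echo hi
#+end_src
Plain paragraph.
"""
```
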
