On Thu, 19 Oct 2017, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: > On Thu 2017-10-19 11:01:53 -0400, Brian Sniffen wrote: >> I put together something like this, visible at >> https://github.com/briansniffen/notmuch/tree/nmweb/contrib/notmuch-web >> >> It's not much of a service. I am pretty sure it is exploitable---that >> content in text/html parts of messages can do Bad Things to your >> session. > > I think this is the crux of the problem, right? I was noticing the > other day that notmuch's own mail archives are published in pipermail, > which is *absolutely terrible* compared to dealing with a mailstore with > notmuch as a frontend. I'd love to be able to expose the archive to the > public this way. For the list archive, we could restrict to displaying text/plain only. BR, Jani. _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch