Re: web interface to notmuch

Subject: Re: web interface to notmuch

Date: Thu, 19 Oct 2017 16:00:33 -0400

To: Daniel Kahn Gillmor

Cc: Matthew Lear, notmuch@notmuchmail.org

From: Brian Sniffen


> On Oct 19, 2017, at 12:55 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> 
>> On Thu 2017-10-19 11:01:53 -0400, Brian Sniffen wrote:
>> I put together something like this, visible at
>> https://github.com/briansniffen/notmuch/tree/nmweb/contrib/notmuch-web
>> 
>> It's not much of a service.  I am pretty sure it is exploitable---that
>> content in text/html parts of messages can do Bad Things to your
>> session.
> 
> I think this is the crux of the problem, right?  I was noticing the
> other day that notmuch's own mail archives are published in pipermail,
> which is *absolutely terrible* compared to dealing with a mailstore with
> notmuch as a frontend.  I'd love to be able to expose the archive to the
> public this way.
> 
> Assuming that you had a sanitize_this_html_part() function available to
> you, do you think it would be possible to make this safe?  Have you
> considered proposing it for inclusion in contrib upstream?

I don’t think they can be sanitized. Web tech moves so fast. But maybe they can be isolated. GMail uses a separate domain for the content from the UI; I have hopes about response headers and iframe attributes. 

Also, if the whole site’s static—not just the nmweb part—you probably can’t hurt much. 
_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Thread: