public inbox archive for pandoc-discuss@googlegroups.com
From: Michael Weiss <dev.primeos-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
Subject: Add a flag/option to disallow all network access?
Date: Thu, 17 Jun 2021 18:18:11 +0200
Message-ID: <YMt1w2fD9xNcxSVi@jarvis.primeos.dev>

I currently use Pandoc for a somewhat strange(?) use-case: Converting
HTML-only emails to plaintext so that I can read them in Mutt.
I've used a text-based web browser for that in the past but recently
switched to Pandoc because it is better maintained, I trust it more to
securely parse untrusted/arbitrary HTML input [0] (is that correct or
are there any risks?), and most importantly I assumed Pandoc wouldn't
fetch any links, images, style sheets, etc. which would avoid any
tracking and therefore improve privacy.

So far this has worked very well :)
However, when I tested this setup via Email Privacy Tester [1] I noticed
that Pandoc still leaks my IP address (obviously also revealing when I
open/read the mail) by fetching an iframe [2].

Knowing this I'm wondering if it would make sense to add a flag/option
to disallow any network access (ideally this would even be fairly simple
to implement but I'm not familiar enough with the code / Haskell).
Maybe this is even already possible via the PandocPure [3] monad?
Nonetheless it would be nice to have a CLI option/parameter like
--no-network-access (or even something like --sandboxed or --no-io to
disallow other types of IO as well).

What do you think of this feature request?

Kind regards,
Michael

PS: For my use-case I've noticed that I can avoid this issue by enabling
the raw_html extension (found that in src/Text/Pandoc/Readers/HTML.hs
but it's likely not ideal either although it does at least seem safe for
my use-case(?)). I.e. I use the following now:
text/html; pandoc --from=html+raw_html --to=plain | less
text/html; pandoc --from=html+raw_html --to=plain; copiousoutput

PPS: And thanks for Pandoc btw! It's such an awesome project that I've
used for years now.

[0]: https://pandoc.org/MANUAL.html#a-note-on-security
[1]: https://www.emailprivacytester.com/
[2]: https://www.emailprivacytester.com/testDescription?test=iframe
[3]: https://pandoc.org/using-the-pandoc-api.html#the-pandocmonad-class
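
The message above reports that pandoc's HTML reader fetched an iframe from an untrusted mail body. The following is an added example, not part of the original message and not pandoc's own code: a stdin-to-stdout pre-filter that removes iframe elements before the HTML reaches pandoc and reports the URLs it dropped. It assumes iframes are the only concern (it does not block other network access), and the sample mail body and its URL are constructed.

```python
import html
import sys
from html.parser import HTMLParser

# Constructed sample: an HTML mail body with a tracking iframe (hypothetical URL).
SAMPLE = '<p>Hi &amp; bye</p><iframe src="https://tracker.example/o?id=1">x</iframe><p>end</p>'

class IframeStripper(HTMLParser):
    """Re-emit HTML unchanged, minus <iframe> elements and their content."""
    def __init__(self):
        super().__init__(convert_charrefs=False)  # pass entities through as-is
        self.out, self.removed, self.depth = [], [], 0  # depth > 0: inside iframe
    def _emit(self, text):
        if self.depth == 0:  # suppress everything nested inside an iframe
            self.out.append(text)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return self._emit(self.get_starttag_text())  # verbatim start tag
        src = dict(attrs).get("src") or ""  # src may be missing or valueless
        self.removed.append(src)
        self._emit("[iframe removed: %s]" % html.escape(src))
        self.depth += 1

    def handle_startendtag(self, tag, attrs):  # <tag ... /> form
        self.handle_starttag(tag, attrs)
        if tag == "iframe":
            self.depth -= 1  # self-closed: no matching end tag will follow

    def handle_endtag(self, tag):
        if tag == "iframe":
            self.depth = max(0, self.depth - 1)  # tolerate a stray </iframe>
        else:
            self._emit("</%s>" % tag)
    def handle_data(self, data): self._emit(data)
    def handle_entityref(self, name): self._emit("&%s;" % name)
    def handle_charref(self, name): self._emit("&#%s;" % name)
    def handle_comment(self, data): self._emit("<!--%s-->" % data)
    def handle_decl(self, decl): self._emit("<!%s>" % decl)

def strip_iframes(document):
    parser = IframeStripper()
    parser.feed(document)
    parser.close()
    return "".join(parser.out), parser.removed  # (filtered HTML, dropped src URLs)

if __name__ == "__main__":  # filter mode: HTML on stdin, cleaned HTML on stdout
    cleaned, dropped = strip_iframes(sys.stdin.read())
    sys.stdout.write(cleaned)
    print("removed iframes:", dropped, file=sys.stderr)
```

Saved under a name of your choice, the script can be placed in front of pandoc in the mailcap pipeline so that pandoc never sees the iframe.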

