From: Michael Weiss
Newsgroups: gmane.text.pandoc
Subject: Add a flag/option to disallow all network access?
Date: Thu, 17 Jun 2021 18:18:11 +0200

I currently use Pandoc for a somewhat strange(?) use-case: Converting HTML-only emails to plaintext so that I can read them in Mutt.
I've used a text-based web browser for that in the past but recently switched to Pandoc because it is better maintained, I trust it more to securely parse untrusted/arbitrary HTML input [0] (is that correct or are there any risks?), and most importantly I assumed Pandoc wouldn't fetch any links, images, style sheets, etc. which would avoid any tracking and therefore improve privacy. So far this has worked very well :)

However, when I tested this setup via Email Privacy Tester [1] I noticed that Pandoc still leaks my IP address (obviously also revealing when I open/read the mail) by fetching an Iframe [2].

Knowing this I'm wondering if it would make sense to add a flag/option to disallow any network access (ideally this would even be fairly simple to implement but I'm not familiar enough with the code / Haskell). Maybe this is even already possible via the PandocPure [3] monad? Nonetheless it would be nice to have a CLI option/parameter like --no-network-access (or even something like --sandboxed or --no-io to disallow other types of IO as well).

What do you think of this feature request?

Kind regards,
Michael

PS: For my use-case I've noticed that I can avoid this issue by enabling the raw_html extension (found that in src/Text/Pandoc/Readers/HTML.hs but it's likely not ideal either although it does at least seem safe for my use-case(?)). I.e. I use the following now:

    text/html; pandoc --from=html+raw_html --to=plain | less
    text/html; pandoc --from=html+raw_html --to=plain; copiousoutput

PPS: And thanks for Pandoc btw! It's such an awesome project that I have used for years now.

[0]: https://pandoc.org/MANUAL.html#a-note-on-security
[1]: https://www.emailprivacytester.com/
[2]: https://www.emailprivacytester.com/testDescription?test=iframe
[3]: https://pandoc.org/using-the-pandoc-api.html#the-pandocmonad-class
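An added example, not part of the original message and not Pandoc code: a stdin-to-stdout pre-filter that replaces every `<iframe>` with a text note before the HTML reaches a converter, so the iframe fetch reported above has nothing to act on. `IframeStripper`, `strip_iframes` and the `tracker.example` URL used in testing are hypothetical names; the filter assumes the iframe is the only element that triggers a fetch in this setup, which is what the message reports.

```python
import sys
from html import escape
from html.parser import HTMLParser

class IframeStripper(HTMLParser):  # re-emits tags, text, entities, comments, doctype
    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep &amp; etc. verbatim
        self.out = []           # pieces of the rewritten document
        self.sources = []       # src values of the removed iframes
        self.in_iframe = False  # True while between <iframe> and </iframe>

    def emit(self, text):
        if not self.in_iframe:  # fallback content inside an iframe is dropped
            self.out.append(text)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return self.emit(self.get_starttag_text())
        src = dict(attrs).get("src") or ""
        self.sources.append(src)
        self.emit("<p>[iframe removed: %s]</p>" % escape(src))
        self.in_iframe = True

    def handle_startendtag(self, tag, attrs):  # <br/> or <iframe ... />
        self.handle_starttag(tag, attrs)
        self.in_iframe = False if tag == "iframe" else self.in_iframe

    def handle_endtag(self, tag):
        if tag == "iframe":
            self.in_iframe = False
        else:
            self.emit("</%s>" % tag)

    def handle_data(self, data): self.emit(data)
    def handle_entityref(self, name): self.emit("&%s;" % name)
    def handle_charref(self, name): self.emit("&#%s;" % name)
    def handle_comment(self, data): self.emit("<!--%s-->" % data)
    def handle_decl(self, decl): self.emit("<!%s>" % decl)

def strip_iframes(html_text):
    """Return (rewritten_html, removed_iframe_srcs); hypothetical helper."""
    parser = IframeStripper()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.sources

if __name__ == "__main__":  # filter mode: HTML on stdin, cleaned HTML on stdout
    cleaned, removed = strip_iframes(sys.stdin.read())
    sys.stdout.write(cleaned)
    if removed:
        print("removed iframes:", removed, file=sys.stderr)
```

The filter covers only the iframe case described in the message; running the converter inside an environment with no network access at all is the stronger control, because it does not depend on knowing which elements trigger a fetch.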