From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id sGyzNHAnxV9qHQAA0tVLHw (envelope-from ) for ; Mon, 30 Nov 2020 17:10:08 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id KFd4MHAnxV9/HgAAbx9fmQ (envelope-from ) for ; Mon, 30 Nov 2020 17:10:08 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 26076940538 for ; Mon, 30 Nov 2020 17:10:08 +0000 (UTC) Received: from localhost ([::1]:48268 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kjmgg-0007CF-Lx for larch@yhetil.org; Mon, 30 Nov 2020 12:10:06 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:41616) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kjmfe-0007AG-Ry for emacs-orgmode@gnu.org; Mon, 30 Nov 2020 12:09:04 -0500 Received: from static.214.254.202.116.clients.your-server.de ([116.202.254.214]:60028 helo=ciao.gmane.io) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kjmfc-000816-Rm for emacs-orgmode@gnu.org; Mon, 30 Nov 2020 12:09:02 -0500 Received: from list by ciao.gmane.io with local (Exim 4.92) (envelope-from ) id 1kjmfY-0005f0-Vx for emacs-orgmode@gnu.org; Mon, 30 Nov 2020 18:08:56 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: emacs-orgmode@gnu.org From: Maxim Nikulin Subject: Re: Bring up a screen giving option to open a series of orgmode files Date: Tue, 1 Dec 2020 00:08:50 +0700 Message-ID: References: <169441F9-83D6-4D0F-8A23-1923B44F7C0A@health.ucsd.edu> <87eekkcwzs.fsf@localhost> <874klfcj5k.fsf@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 In-Reply-To: Content-Language: en-US Received-SPF: pass client-ip=116.202.254.214; envelope-from=geo-emacs-orgmode@m.gmane-mx.org; helo=ciao.gmane.io X-Spam_score_int: 28 X-Spam_score: 2.8 X-Spam_bar: ++ X-Spam_report: (2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FORGED_MUA_MOZILLA=2.309, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, NICE_REPLY_A=-0.001, NML_ADSP_CUSTOM_MED=0.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: "Emacs-orgmode" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -1.68 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of emacs-orgmode-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=emacs-orgmode-bounces@gnu.org X-Migadu-Queue-Id: 26076940538 X-Spam-Score: -1.68 X-Migadu-Scanner: ns3122888.ip-94-23-21.eu X-TUID: w+LODkRJiiLq 2020-29-11 Jean Louis wrote: > * Maxim Nikulin [2020-11-28 18:52]: > > Any viewer should have option to quickly construct a hyperlink and > store it somewhere with its annotation and other meta data so that > such can be reused by any other program. Xpdf do not have option to construct hyperlink, it allows to execute arbitrary command (if context matches) and pass some parameters using substitutions. It is enough e.g. to copy target of the link, to do something with page number (construct hyperlink to this page). Maybe selection region could be passed to pdftotext to extract selection text that could be inserted to a note. Surprisingly PDF viewers built in into browser have fences preventing access of browser extensions to the text content. I did not expect such limitations. There are extensions that offer translation of text selected in PDF files however. It seems they use bundled pdf.js to replace built-in viewer. Unsure that JS working with PDF file runs in proper security context. I expected a robust way for integration with note taking applications. >> De facto, extensions should communicate with HTTP servers, to >> protect users, access to filesystem is not allowed any more. > > Alright, only if it would be that secure, then this type of advise > would not be there: > > How to Run a More Secure Browser > https://www.dragonflybsd.org/docs/handbook/RunSecureBrowser/ Just one problem, if one uses a browser extension that works with local files then he have content accessible by extensions. Another extension could do something bad with such files. Mozilla XUL extensions were very powerful and had access to file system. It is impossible to ensure that there is no malicious extensions in the add-on catalog. XUL was dropped, chrome extension API has been adopted. File system is protected against bad extensions, extensions have to keep user data on some server. Only local files are protected, security model for requests to remote servers is quite poor. It is funny, that attempts to allow web applications to work with local files are not stopped, unsure if I have heard about this particular proposal earlier or it is another one: https://web.dev/file-system-access/ In the previous message I was writing about very specific problem: extension author could put code that steal files or ruin them. To solve it, extension developers were force to store user content on a remote server instead of local files. I do not think it is significantly safer. And finally, running browser under a different user is likely not enough. Browser for working with "external" resources should be isolated from home or office network (network namespace, container, virtual machine). There are enough web sites that checks which ports are open at least on the localhost. Local network could be scanned through browser as well. >> In principle, any paragraph could be addressed using >> XPath >> https://developer.mozilla.org/en-US/docs/Web/XPath/Introduction_to_using_XPath_in_JavaScript >> but it is extremely fragile since link will be likely invalid after >> web site redesign or modification of the text. > > ... > From the above link on XPath I have not figured out yet how to > generate a hyperlink to specific paragraph. I may spend days until I > figure it out. Page inspector in developer tools has a context menu entry to copy XPath to particular element. Likely you will prefer to generate link in a more smart and stable way, e,g, by looking for an element with id attribute nearby and construct a link relative to it. Maybe it is possible to implement protocol handler for custom scheme with XPath references https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registerProtocolHandler > My surprise was > big when I realized that Org is there with features to manage tasks > but does not offer feature to "send the task". In my opinion, you have demonstrated that emacs and org mode are powerful enough to allow users to implement rather specific workflow with a quite small piece of code. It may be a dedicated package but I do not think it worth including such features to the base set. Docs will be longer than the code. Personally, I would expect export-based solution that strips comments, takes email addresses from some properties and saves messages to the draft folder for review before sending them.