web interface to notmuch
Jani Nikula
jani at nikula.org
Sat Oct 21 13:00:00 PDT 2017
On Thu, 19 Oct 2017, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On Thu 2017-10-19 11:01:53 -0400, Brian Sniffen wrote:
>> I put together something like this, visible at
>> https://github.com/briansniffen/notmuch/tree/nmweb/contrib/notmuch-web
>>
>> It's not much of a service. I am pretty sure it is exploitable---that
>> content in text/html parts of messages can do Bad Things to your
>> session.
>
> I think this is the crux of the problem, right? I was noticing the
> other day that notmuch's own mail archives are published in pipermail,
> which is *absolutely terrible* compared to dealing with a mailstore with
> notmuch as a frontend. I'd love to be able to expose the archive to the
> public this way.
For the list archive, we could restrict to displaying text/plain only.
BR,
Jani.
More information about the notmuch
mailing list