emacs-orgmode
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bring up a screen giving option to open a series of orgmode files


From: Maxim Nikulin
Subject: Re: Bring up a screen giving option to open a series of orgmode files
Date: Tue, 1 Dec 2020 00:08:50 +0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

2020-29-11 Jean Louis wrote:
* Maxim Nikulin [2020-11-28 18:52]:

Any viewer should have option to quickly construct a hyperlink and
store it somewhere with its annotation and other meta data so that
such can be reused by any other program.

Xpdf do not have option to construct hyperlink, it allows to execute arbitrary command (if context matches) and pass some parameters using substitutions. It is enough e.g. to copy target of the link, to do something with page number (construct hyperlink to this page). Maybe selection region could be passed to pdftotext to extract selection text that could be inserted to a note.

Surprisingly PDF viewers built in into browser have fences preventing access of browser extensions to the text content. I did not expect such limitations. There are extensions that offer translation of text selected in PDF files however. It seems they use bundled pdf.js to replace built-in viewer. Unsure that JS working with PDF file runs in proper security context. I expected a robust way for integration with note taking applications.

De facto, extensions should communicate with HTTP servers, to
protect users, access to filesystem is not allowed any more.

Alright, only if it would be that secure, then this type of advise
would not be there:

How to Run a More Secure Browser
https://www.dragonflybsd.org/docs/handbook/RunSecureBrowser/

Just one problem, if one uses a browser extension that works with local files then he have content accessible by extensions. Another extension could do something bad with such files. Mozilla XUL extensions were very powerful and had access to file system. It is impossible to ensure that there is no malicious extensions in the add-on catalog. XUL was dropped, chrome extension API has been adopted. File system is protected against bad extensions, extensions have to keep user data on some server. Only local files are protected, security model for requests to remote servers is quite poor. It is funny, that attempts to allow web applications to work with local files are not stopped, unsure if I have heard about this particular proposal earlier or it is another one: https://web.dev/file-system-access/

In the previous message I was writing about very specific problem: extension author could put code that steal files or ruin them. To solve it, extension developers were force to store user content on a remote server instead of local files. I do not think it is significantly safer.

And finally, running browser under a different user is likely not enough. Browser for working with "external" resources should be isolated from home or office network (network namespace, container, virtual machine). There are enough web sites that checks which ports are open at least on the localhost. Local network could be scanned through browser as well.

In principle, any paragraph could be addressed using
XPath
https://developer.mozilla.org/en-US/docs/Web/XPath/Introduction_to_using_XPath_in_JavaScript
but it is extremely fragile since link will be likely invalid after
web site redesign or modification of the text.

...
 From the above link on XPath I have not figured out yet how to
generate a hyperlink to specific paragraph. I may spend days until I
figure it out.

Page inspector in developer tools has a context menu entry to copy XPath to particular element. Likely you will prefer to generate link in a more smart and stable way, e,g, by looking for an element with id attribute nearby and construct a link relative to it. Maybe it is possible to implement protocol handler for custom scheme with XPath references
https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registerProtocolHandler

My surprise was
big when I realized that Org is there with features to manage tasks
but does not offer feature to "send the task".

In my opinion, you have demonstrated that emacs and org mode are powerful enough to allow users to implement rather specific workflow with a quite small piece of code. It may be a dedicated package but I do not think it worth including such features to the base set. Docs will be longer than the code. Personally, I would expect export-based solution that strips comments, takes email addresses from some properties and saves messages to the draft folder for review before sending them.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]