Re: [PATCH] Fix FAQ entry about mailto links.

[Max Nikulin]

On 07/01/2022 01:34, Robert Goldman wrote:
> The old entry referred to the variable =org-link-mailto-program= which
> was removed from org-mode almost eight years ago!  See org-mode commit
> b9f2e17f07faf01109fc6f7f1eb5a34e0f97eafb

Unfortunately FAQ has a lot of obsolete recipes. Generally it is great 
when answers are updated with contemporary info. I have a couple of 
questions concerning your patch though.

> diff --git a/org-faq.org b/org-faq.org
>
>   The default function called is =browse-url=, which opens a mail
>   composition buffer within Emacs. The type of buffer opened by
> -browse-url depends on the setting of the variable =mail-user-agent=.
> +=browse-url= depends on the setting of the variable =mail-user-agent=.

[[info:emacs#Browse-URL][info "(emacs) Browse-URL"]] link to the Emacs 
manual might be used. I am unsure however if it is really necessary.

> +You can also change the function used to a different one.  For
> +example, the following function (on MacOS) opens =mailto:= links in
> +the =MailMate= program:
> +
> +#+begin_src elisp
> +("mailto" :follow
    ^
It seems, `org-link-set-parameters' is missed. I am not an experienced 
emacs user, so my question may be naive. There is 
`browse-url-mailto-function' since Emacs-24.1 that should be called by 
`browse-url'. Is there a reason to avoid its customization instead?

> +      (lambda
> +        (path)
> +        (shell-command
> +         (format "open -a MailMate 'mailto:%s'" path))))
> +#+end_src

Shell commands require a lot of care otherwise they become an open door 
to security vulnerabilities. I am a linux user and I have tried a dialog 
application instead of real mailer for a test:

---- >8 ----
#+begin_src elisp :results silent
(org-link-set-parameters
  "mailto" :follow
        (lambda
          (path)
          (shell-command
	   (format "zenity --info --no-markup --title 'org mailto: test' --text 
'mailto:%s'" path))))
#+end_src

[[mailto:Hacker '`mktemp mailto-vulnerability.XXXXXX`' <hack@te.st>]]
---- 8< -----

Following the link (C-c C-o) caused creation of a file in the current 
directory.

Arguments to shell should be at least passed through 
`shell-quote-argument'. A better way is to use more verbose function 
that accepts arguments as a list and directly executes the binary 
without interpreting anything by shell.

Another problem that the command above blocked emacs session. I do not 
know a reliable way to launch a detached process from emacs. When 
someone adds a code that should perform such task, it usually suffers 
from a decade-old bug 
https://lists.gnu.org/archive/html/emacs-devel/2009-07/msg00279.html 
Current code in `mailcup-view-mime' and in `org-open-file' suffers from 
at least three other problems: I do not know anything about first one 
besides that it is somehow related to compatibility, another one assumed 
to be rather rare, third one is that the process have to be killed on 
exiting from emacs.

So, I hope, `make-process' is better than `shell-command', but a 
specific application might make emacs CPU hungry.

A recipe having security issues, in my opinion, is worse than no example 
at all.