Open binarymist opened 6 years ago
I see this is possible if the commenter subscribes via mailgun, but is there any other way? Is this a feature that we could look at doing?
...
I'm not sure I understand the use case. Where would you want to access the email address from?
"sent in the email notification", as in, commenter submits comment, email notification comes through with poster's email address?
You could use PKI to encrypt the email yourself and send it as a separate field. Then it would exist (encrypted) in the PR and in your repo, but only you would be able to decrypt it.
To add to my last comment, right before the email address is md5'd (in staticman SaaS) could it be emailed to the website owner via mailgun?
@StephenCleary : Yip, that's a great idea. The website owner would have to provide the public key as a hidden field (possibly one of the form fields) as the website visitor posts, the usual md5 process as it is currently in staticman could be modified to encrypt the email address using the supplied public key, as opposed to how it's done now with single key, which only staticman has. Then the only person that can view the email address would be the website owner that has the private key to decrypt.
This sounds pretty doable. What have we missed?
If you're willing to stick to modern browsers, you can encrypt it entirely client-side with the Web Crypto API.
True, I'll have to have a play with this. Some resources I wrote for others that want to try this:
Just wrote up a proof-of-concept: a webpage that encrypts using WebCrypto and a C# console app that decrypts the values.
However, this solution is limited to browsers that support WebCrypto, and a lot of the mobile browsers do not. A fallback to an API call (or a feature of Staticman) would be necessary to cover all cases. A simple "encrypt" serverless API should be easy enough to write up; perhaps I'll get around to it...
Hi, and thanks for the hard work on this project.
Is there a way using the staticman API to somehow access the commenter's email (if I've configured it to be md5'd (because that's just the right thing to do))? Obviously we don't want it in a PR, but it could be sent in the email notification ethically. How about technically? Is this possible?
Thanks.