Open philmcmahon opened 1 year ago
Some options could include:
unoconv
and viewing (already installed in the template, used for converting files before printing in the sd-devices VM)If we add Firefox to the mix of software we install into the large template, we would probably want to ship a hardened default profile as well. I'm thinking NoScript installed and enabled, maybe "blackholing" proxy settings to ensure that even if a DispVM somehow ends up with a network connection that loading resources doesn't happen out of the gate.
I don't think I'm a fan of showing folks HTML in gedit
/gnome-text-editor
, I think if we'd want to do that, processing the file with html2text
first would be better.
Moving to securedrop-client. As a first iteration we should open the HTML in a text editor (gedit or similar), punting on the browser question for now.
When opening a html file in securedrop workstation the viewer VM opens with a message:
Denied: qubes.OpenInVM
Since this VM is offline, would it be safe to just open the file in a browser? If not, gedit would be better than failing entirely, perhaps with a helpful message "Opening HTML files in a browser is considered unsafe" or similar