~ushin/ushin#188: 
Secure automatic major mode activation

It is not safe to automatically enable major modes, e.g. org-mode, based on the hyperdrive entry name.

See this issue for a discussion of automatically activating org-mode when navigating to an org file in eww. This feature was rejected on security grounds.

This comment suggests a domain whitelist; files located within "safe" domains would be opened using set-auto-mode. We could do the same thing for hyperdrives.

This comment describes new (late 2022) Org features which may be relevant:

(defun org--should-fetch-remote-resource-p (uri)
  "Return non-nil if the URI should be fetched."

(defun org--safe-remote-resource-p (uri)
  "Return non-nil if URI is considered safe.
This checks every pattern in `org-safe-remote-resources', and
returns non-nil if any of them match."

(defun org--confirm-resource-safe (uri)
  "Ask the user if URI should be considered safe, returning non-nil if so."

Status: RESOLVED FIXED
Submitter: ~ushin
Assigned to: No-one
Submitted: 11 months ago
Updated: 10 months ago
Labels: 0.4.0 hyperdrive.el

~ushin 11 months ago

In hyperdrive.el, we may want to implement our own version of org--confirm-resource-safe if it's not feasible to extend it to handle hyper:// links.

~ushin referenced this from #178 11 months ago

~ushin 11 months ago

Can we reuse org-safe-remote-resources to indicate that it's safe to set the major mode within a certain hyperdrive? Perhaps we should create our own variable.

~ushin 11 months ago

Until we've implemented a more flexible solution, hyperdrive.el by default no longer loads a major mode automatically. See user option hyperdrive-automatic-major-mode.

~ushin REPORTED FIXED 10 months ago

Resolved with the addition of hyperdrive-mark-as-safe in 1e9b892e, part of v0.4.0.

~ushin 10 months ago

#178 discusses the security matter of loading remote resources safely. That feature will not be included in v0.4.0.
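
The safe-list idea discussed in this ticket, sketched as an added example (not code from hyperdrive.el or Org): `set-auto-mode` runs only when the hyperdrive has been marked safe, and the buffer otherwise stays in `fundamental-mode`. All `example-` names and the sample keys are hypothetical, and the sketch assumes a hyperdrive is identified by the host part of its hyper:// URL.

```elisp
;; Added example; every `example-' name is hypothetical and is not part
;; of hyperdrive.el or Org.
(require 'url-parse)

(defvar example-safe-hyperdrives
  ;; Constructed sample value: hosts of hyperdrives the user marked safe.
  '("constructed-public-key-aaaa")
  "List of hyperdrive hosts whose entries may select a major mode.")

(defun example-hyper-url-host (url)
  "Return the host of URL if its scheme is hyper, else nil."
  (let ((parsed (url-generic-parse-url url)))
    (when (equal "hyper" (url-type parsed))
      (url-host parsed))))

(defun example-safe-hyperdrive-p (url)
  "Return non-nil if URL belongs to a hyperdrive marked safe."
  (let ((host (example-hyper-url-host url)))
    (and host (member host example-safe-hyperdrives) t)))

(defun example-set-major-mode (url)
  "Choose the major mode for the current buffer, which shows URL.
Call `set-auto-mode' only for safe hyperdrives; otherwise stay in
`fundamental-mode'.  Return the resulting major mode."
  (if (example-safe-hyperdrive-p url)
      ;; `set-auto-mode' consults `buffer-file-name', so bind it to the
      ;; entry path for the duration of the call.
      (let ((buffer-file-name (url-filename (url-generic-parse-url url))))
        (set-auto-mode))
    ;; Unknown drive, or not a hyper:// URL at all: fail closed.
    (fundamental-mode))
  major-mode)

;; Demonstration on constructed URLs: the first drive is in the safe
;; list, the second is not.
(with-temp-buffer
  (insert "* heading\n")
  (list (example-set-major-mode
         "hyper://constructed-public-key-aaaa/notes.org")
        (example-set-major-mode
         "hyper://constructed-public-key-zzzz/notes.org")))
```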
