1 Return-Path: <jinwoo68@gmail.com>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id 1B43E431FC2
\r
6 for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 13:05:18 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=2.639 tagged_above=-999 required=5
\r
12 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
\r
13 DNS_FROM_AHBL_RHSBL=2.438, FREEMAIL_ENVFROM_END_DIGIT=1,
\r
14 FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled
\r
15 Received: from olra.theworths.org ([127.0.0.1])
\r
16 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
17 with ESMTP id I46a4eHPQLi9 for <notmuch@notmuchmail.org>;
\r
18 Mon, 2 Feb 2015 13:05:14 -0800 (PST)
\r
19 Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com
\r
20 [209.85.223.182]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
\r
21 (No client certificate requested)
\r
22 by olra.theworths.org (Postfix) with ESMTPS id D7985431FC0
\r
23 for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 13:05:14 -0800 (PST)
\r
24 Received: by mail-ie0-f182.google.com with SMTP id ar1so20455552iec.13
\r
25 for <notmuch@notmuchmail.org>; Mon, 02 Feb 2015 13:05:14 -0800 (PST)
\r
26 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
\r
27 h=from:to:cc:subject:date:message-id:in-reply-to:references;
\r
28 bh=H9rXb5RRmjey2cmR1oOH1SyStU1lN+VP7SE349D2ODc=;
\r
29 b=S116eKIm8we2lwEW5pl7jWvcOR2ppYYnvYL9Zo0N/OrgpbKDbWpyYNpjclw5qOBC3V
\r
30 aKP2XwxPsYXym5bOx3OXdYGb+ti4OHZtFHP+XQbM9U2/WEVIYwAopaID3P1kVkel7mC2
\r
31 Q2SoQM5mQ3Phw5wf4fqHejhLWdkJYKUIYbyU0WQNM/9G8I5Hrx+gInBVL9wuHi+3JI8v
\r
32 xDIzruVAnwhR2eN1Nw5wpK/TI73GK9NUbnkqGHMEm++k36rF9qQRKiENbyYklSit+sgQ
\r
33 TImh34Xf5o928il/L/atBNn5N2dFmS+1nhLWGo/AxdQHElz8dnfVVLEhXSbwUxK8vm2y
\r
35 X-Received: by 10.50.234.194 with SMTP id ug2mr14140022igc.39.1422911114338;
\r
36 Mon, 02 Feb 2015 13:05:14 -0800 (PST)
\r
37 Received: from jinwoo-macbookair.roam.corp.google.com.com ([172.19.60.210])
\r
38 by mx.google.com with ESMTPSA id
\r
39 ie15sm6734034igb.12.2015.02.02.13.05.13
\r
40 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
\r
41 Mon, 02 Feb 2015 13:05:13 -0800 (PST)
\r
42 From: Jinwoo Lee <jinwoo68@gmail.com>
\r
43 To: notmuch@notmuchmail.org
\r
44 Subject: [PATCH] emacs: Add a defcustom that specifies regexp for blocked
\r
46 Date: Mon, 2 Feb 2015 13:04:52 -0800
\r
47 Message-Id: <1422911092-18231-1-git-send-email-jinwoo68@gmail.com>
\r
48 X-Mailer: git-send-email 2.2.2
\r
49 In-Reply-To: <yq65lhkgqc5g.fsf@jinwoo-macbookair.roam.corp.google.com>
\r
50 References: <yq65lhkgqc5g.fsf@jinwoo-macbookair.roam.corp.google.com>
\r
51 X-BeenThere: notmuch@notmuchmail.org
\r
52 X-Mailman-Version: 2.1.13
\r
54 List-Id: "Use and development of the notmuch mail system."
\r
55 <notmuch.notmuchmail.org>
\r
56 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
57 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
58 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
59 List-Post: <mailto:notmuch@notmuchmail.org>
\r
60 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
61 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
62 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
63 X-List-Received-Date: Mon, 02 Feb 2015 21:05:18 -0000
\r
65 It's default value is ".", meaning all remote images will be blocked
\r
69 Addressed review comments.
\r
71 emacs/notmuch-show.el | 24 +++++++++++++++++-------
\r
72 1 file changed, 17 insertions(+), 7 deletions(-)
\r
74 diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
\r
75 index 66350d4..f4ad802 100644
\r
76 --- a/emacs/notmuch-show.el
\r
77 +++ b/emacs/notmuch-show.el
\r
78 @@ -136,6 +136,13 @@ indentation."
\r
80 :group 'notmuch-show)
\r
82 +;; By default, block all external images to prevent privacy leaks and
\r
83 +;; potential attacks.
\r
84 +(defcustom notmuch-show-text/html-blocked-images "."
\r
85 + "Remote images that have URLs matching this regexp will be blocked."
\r
86 + :type '(choice (const nil) regexp)
\r
87 + :group 'notmuch-show)
\r
89 (defvar notmuch-show-thread-id nil)
\r
90 (make-variable-buffer-local 'notmuch-show-thread-id)
\r
91 (put 'notmuch-show-thread-id 'permanent-local t)
\r
92 @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
\r
93 ;; It's easier to drive shr ourselves than to work around the
\r
94 ;; goofy things `mm-shr' does (like irreversibly taking over
\r
95 ;; content ID handling).
\r
96 - (notmuch-show--insert-part-text/html-shr msg part)
\r
98 + ;; FIXME: If we block an image, offer a button to load external
\r
100 + (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
\r
101 + (notmuch-show--insert-part-text/html-shr msg part))
\r
102 ;; Otherwise, let message-mode do the heavy lifting
\r
104 ;; w3m sets up a keymap which "leaks" outside the invisible region
\r
105 ;; and causes strange effects in notmuch. We set
\r
106 ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
\r
107 ;; set a keymap (so the normal notmuch-show-mode-map remains).
\r
108 - (let ((mm-inline-text-html-with-w3m-keymap nil))
\r
109 + (let ((mm-inline-text-html-with-w3m-keymap nil)
\r
110 + ;; FIXME: If we block an image, offer a button to load external
\r
112 + (gnus-blocked-images notmuch-show-text/html-blocked-images))
\r
113 (notmuch-show-insert-part-*/* msg part content-type nth depth button))))
\r
115 ;; These functions are used by notmuch-show--insert-part-text/html-shr
\r
116 @@ -797,11 +811,7 @@ will return nil if the CID is unknown or cannot be retrieved."
\r
117 ;; shr strips the "cid:" part of URL, but doesn't
\r
118 ;; URL-decode it (see RFC 2392).
\r
119 (let ((cid (url-unhex-string url)))
\r
120 - (first (notmuch-show--get-cid-content cid)))))
\r
121 - ;; Block all external images to prevent privacy leaks and
\r
122 - ;; potential attacks. FIXME: If we block an image, offer a
\r
123 - ;; button to load external images.
\r
124 - (shr-blocked-images "."))
\r
125 + (first (notmuch-show--get-cid-content cid))))))
\r
126 (shr-insert-document dom)
\r