1 Return-Path: <jinwoo68@gmail.com>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id 699AC431FC2
\r
6 for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 12:41:35 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=2.639 tagged_above=-999 required=5
\r
12 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
\r
13 DNS_FROM_AHBL_RHSBL=2.438, FREEMAIL_ENVFROM_END_DIGIT=1,
\r
14 FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled
\r
15 Received: from olra.theworths.org ([127.0.0.1])
\r
16 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
17 with ESMTP id TM8jnAuKYu+r for <notmuch@notmuchmail.org>;
\r
18 Mon, 2 Feb 2015 12:41:32 -0800 (PST)
\r
19 Received: from mail-ie0-f174.google.com (mail-ie0-f174.google.com
\r
20 [209.85.223.174]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
\r
21 (No client certificate requested)
\r
22 by olra.theworths.org (Postfix) with ESMTPS id 21EE8431FC0
\r
23 for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 12:41:32 -0800 (PST)
\r
24 Received: by mail-ie0-f174.google.com with SMTP id vy18so20351285iec.5
\r
25 for <notmuch@notmuchmail.org>; Mon, 02 Feb 2015 12:41:31 -0800 (PST)
\r
26 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
\r
27 h=from:to:subject:in-reply-to:references:user-agent:date:message-id
\r
28 :mime-version:content-type;
\r
29 bh=Mbe/eSzkRHC3BQQO//CVBs7fnQI0jMM2LJXkNfBeyOc=;
\r
30 b=j0mcpW3FAYZ+eeJnI9ERzZqBmxx+CAs09rdo6G/yVE/Mg5ONCL+IwE7qZE8IQruf0t
\r
31 miHgXAKv593ZxYh73OL+oV/cEKJHxmhi9Ca1xSeF/SGkdVwowrNW3xzwEN4r/h2eW0mG
\r
32 2Zn3q8AHFWvnGST0GVnMCcYtMrROubt1eTxlYNRFD5jp8BCYk15nCX7uRCuxdiPaEPC3
\r
33 auY0550wYPgXPMX6+yyE6IbcCX7JZ8gg79Mc8g91+yKzbKs2C6tfUn6ksbI8qt1w+ezr
\r
34 Dahai86drtPtH1JWfvl9l37d8BjKwFpuwaklVGcFAZNODx9NbOq1bFhPK5ZUK9pgkuMf
\r
36 X-Received: by 10.107.170.162 with SMTP id g34mr20707717ioj.7.1422909691470;
\r
37 Mon, 02 Feb 2015 12:41:31 -0800 (PST)
\r
38 Received: from localhost ([2620:0:1000:407c:317e:4baf:6671:315a])
\r
39 by mx.google.com with ESMTPSA id y5sm6699093ign.7.2015.02.02.12.41.30
\r
40 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
\r
41 Mon, 02 Feb 2015 12:41:30 -0800 (PST)
\r
42 From: Jinwoo Lee <jinwoo68@gmail.com>
\r
43 To: Tomi Ollila <tomi.ollila@iki.fi>, notmuch@notmuchmail.org
\r
44 Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for
\r
45 blocked remote images.
\r
46 In-Reply-To: <m27fw0awc3.fsf@guru.guru-group.fi>
\r
47 References: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com>
\r
48 <m27fw0awc3.fsf@guru.guru-group.fi>
\r
49 User-Agent: Notmuch/0.18.1 (http://notmuchmail.org) Emacs/24.4.1
\r
50 (x86_64-apple-darwin13.2.0)
\r
51 Date: Mon, 02 Feb 2015 12:41:31 -0800
\r
52 Message-ID: <yq65lhkgqc5g.fsf@jinwoo-macbookair.roam.corp.google.com>
\r
54 Content-Type: text/plain
\r
55 X-BeenThere: notmuch@notmuchmail.org
\r
56 X-Mailman-Version: 2.1.13
\r
58 List-Id: "Use and development of the notmuch mail system."
\r
59 <notmuch.notmuchmail.org>
\r
60 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
61 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
62 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
63 List-Post: <mailto:notmuch@notmuchmail.org>
\r
64 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
65 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
66 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
67 X-List-Received-Date: Mon, 02 Feb 2015 20:41:35 -0000
\r
69 On Mon, Feb 2, 2015 at 12:32 PM, Tomi Ollila <tomi.ollila@iki.fi> wrote:
\r
70 > On Mon, Feb 02 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:
\r
72 >> It's default value is ".", meaning all remote images will be blocked
\r
76 >> Addressed review comments.
\r
78 > Ok, looks good to me. David can perhaps amend away the (accidental)
\r
79 > whitespace change in the last hunk ?
\r
81 Ah, sorry about that. I can revert if needed.
\r
88 >> emacs/notmuch-show.el | 27 +++++++++++++++++++--------
\r
89 >> 1 file changed, 19 insertions(+), 8 deletions(-)
\r
91 >> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
\r
92 >> index 66350d4..5d939bb 100644
\r
93 >> --- a/emacs/notmuch-show.el
\r
94 >> +++ b/emacs/notmuch-show.el
\r
95 >> @@ -136,6 +136,13 @@ indentation."
\r
97 >> :group 'notmuch-show)
\r
99 >> +;; By default, block all external images to prevent privacy leaks and
\r
100 >> +;; potential attacks.
\r
101 >> +(defcustom notmuch-show-text/html-blocked-images "."
\r
102 >> + "Remote images that have URLs matching this regexp will be blocked."
\r
103 >> + :type '(choice (const nil) regexp)
\r
104 >> + :group 'notmuch-show)
\r
106 >> (defvar notmuch-show-thread-id nil)
\r
107 >> (make-variable-buffer-local 'notmuch-show-thread-id)
\r
108 >> (put 'notmuch-show-thread-id 'permanent-local t)
\r
109 >> @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
\r
110 >> ;; It's easier to drive shr ourselves than to work around the
\r
111 >> ;; goofy things `mm-shr' does (like irreversibly taking over
\r
112 >> ;; content ID handling).
\r
113 >> - (notmuch-show--insert-part-text/html-shr msg part)
\r
115 >> + ;; FIXME: If we block an image, offer a button to load external
\r
117 >> + (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
\r
118 >> + (notmuch-show--insert-part-text/html-shr msg part))
\r
119 >> ;; Otherwise, let message-mode do the heavy lifting
\r
121 >> ;; w3m sets up a keymap which "leaks" outside the invisible region
\r
122 >> ;; and causes strange effects in notmuch. We set
\r
123 >> ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
\r
124 >> ;; set a keymap (so the normal notmuch-show-mode-map remains).
\r
125 >> - (let ((mm-inline-text-html-with-w3m-keymap nil))
\r
126 >> + (let ((mm-inline-text-html-with-w3m-keymap nil)
\r
127 >> + ;; FIXME: If we block an image, offer a button to load external
\r
129 >> + (gnus-blocked-images notmuch-show-text/html-blocked-images))
\r
130 >> (notmuch-show-insert-part-*/* msg part content-type nth depth button))))
\r
132 >> ;; These functions are used by notmuch-show--insert-part-text/html-shr
\r
133 >> @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."
\r
134 >> ;; shr strips the "cid:" part of URL, but doesn't
\r
135 >> ;; URL-decode it (see RFC 2392).
\r
136 >> (let ((cid (url-unhex-string url)))
\r
137 >> - (first (notmuch-show--get-cid-content cid)))))
\r
138 >> - ;; Block all external images to prevent privacy leaks and
\r
139 >> - ;; potential attacks. FIXME: If we block an image, offer a
\r
140 >> - ;; button to load external images.
\r
141 >> - (shr-blocked-images "."))
\r
142 >> + (first (notmuch-show--get-cid-content cid))))))
\r
143 >> (shr-insert-document dom)
\r
146 >> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
\r
147 >> ;; This handler _must_ succeed - it is the handler of last resort.
\r
148 >> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
\r
149 >> + (notmuch-mm-display-part-inline msg part content-type
\r
150 >> + notmuch-show-process-crypto)
\r
153 >> ;; Functions for determining how to handle MIME parts.
\r
157 >> _______________________________________________
\r
158 >> notmuch mailing list
\r
159 >> notmuch@notmuchmail.org
\r
160 >> http://notmuchmail.org/mailman/listinfo/notmuch
\r
projects / notmuch-archives.git / blob