Return-Path: <tomi.ollila@iki.fi>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id A768E431FC2
	for <notmuch@notmuchmail.org>; Mon,  2 Feb 2015 12:32:44 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: 2.438
X-Spam-Level: **
X-Spam-Status: No, score=2.438 tagged_above=-999 required=5
	tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id xveII0olZmdC for <notmuch@notmuchmail.org>;
	Mon,  2 Feb 2015 12:32:41 -0800 (PST)
Received: from guru.guru-group.fi (guru.guru-group.fi [46.183.73.34])
	by olra.theworths.org (Postfix) with ESMTP id 2C06C431FC0
	for <notmuch@notmuchmail.org>; Mon,  2 Feb 2015 12:32:41 -0800 (PST)
Received: from guru.guru-group.fi (localhost [IPv6:::1])
	by guru.guru-group.fi (Postfix) with ESMTP id BEB1E10004A;
	Mon,  2 Feb 2015 22:32:12 +0200 (EET)
From: Tomi Ollila <tomi.ollila@iki.fi>
To: Jinwoo Lee <jinwoo68@gmail.com>, notmuch@notmuchmail.org
Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for
	blocked	remote images.
In-Reply-To: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com>
References: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com>
User-Agent: Notmuch/0.19+53~gb45d2f9 (http://notmuchmail.org) Emacs/24.3.1
	(x86_64-unknown-linux-gnu)
X-Face: HhBM'cA~<r"^Xv\KRN0P{vn'Y"Kd;zg_y3S[4)KSN~s?O\"QPoL
	$[Xv_BD:i/F$WiEWax}R(MPS`^UaptOGD`*/=@\1lKoVa9tnrg0TW?"r7aRtgk[F
	!)g;OY^,BjTbr)Np:%c_o'jj,Z
Date: Mon, 02 Feb 2015 22:32:12 +0200
Message-ID: <m27fw0awc3.fsf@guru.guru-group.fi>
MIME-Version: 1.0
Content-Type: text/plain
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Feb 2015 20:32:44 -0000

On Mon, Feb 02 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:

> It's default value is ".", meaning all remote images will be blocked
> by default.
>
> ---
> Addressed review comments.

Ok, looks good to me. David can perhaps amend away the (accidental)
whitespace change in the last hunk ?

Tomi


> ---
>  emacs/notmuch-show.el | 27 +++++++++++++++++++--------
>  1 file changed, 19 insertions(+), 8 deletions(-)
>
> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
> index 66350d4..5d939bb 100644
> --- a/emacs/notmuch-show.el
> +++ b/emacs/notmuch-show.el
> @@ -136,6 +136,13 @@ indentation."
>    :type 'boolean
>    :group 'notmuch-show)
>  
> +;; By default, block all external images to prevent privacy leaks and
> +;; potential attacks.
> +(defcustom notmuch-show-text/html-blocked-images "."
> +  "Remote images that have URLs matching this regexp will be blocked."
> +  :type '(choice (const nil) regexp)
> +  :group 'notmuch-show)
> +
>  (defvar notmuch-show-thread-id nil)
>  (make-variable-buffer-local 'notmuch-show-thread-id)
>  (put 'notmuch-show-thread-id 'permanent-local t)
> @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
>        ;; It's easier to drive shr ourselves than to work around the
>        ;; goofy things `mm-shr' does (like irreversibly taking over
>        ;; content ID handling).
> -      (notmuch-show--insert-part-text/html-shr msg part)
> +
> +      ;; FIXME: If we block an image, offer a button to load external
> +      ;; images.
> +      (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
> +	(notmuch-show--insert-part-text/html-shr msg part))
>      ;; Otherwise, let message-mode do the heavy lifting
>      ;;
>      ;; w3m sets up a keymap which "leaks" outside the invisible region
>      ;; and causes strange effects in notmuch. We set
>      ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
>      ;; set a keymap (so the normal notmuch-show-mode-map remains).
> -    (let ((mm-inline-text-html-with-w3m-keymap nil))
> +    (let ((mm-inline-text-html-with-w3m-keymap nil)
> +	  ;; FIXME: If we block an image, offer a button to load external
> +	  ;; images.
> +	  (gnus-blocked-images notmuch-show-text/html-blocked-images))
>        (notmuch-show-insert-part-*/* msg part content-type nth depth button))))
>  
>  ;; These functions are used by notmuch-show--insert-part-text/html-shr
> @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."
>  	   ;; shr strips the "cid:" part of URL, but doesn't
>  	   ;; URL-decode it (see RFC 2392).
>  	   (let ((cid (url-unhex-string url)))
> -	     (first (notmuch-show--get-cid-content cid)))))
> -	;; Block all external images to prevent privacy leaks and
> -	;; potential attacks.  FIXME: If we block an image, offer a
> -	;; button to load external images.
> -	(shr-blocked-images "."))
> +	     (first (notmuch-show--get-cid-content cid))))))
>      (shr-insert-document dom)
>      t))
>  
>  (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
>    ;; This handler _must_ succeed - it is the handler of last resort.
> -  (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
> +  (notmuch-mm-display-part-inline msg part content-type
> +				  notmuch-show-process-crypto)
>    t)
>  
>  ;; Functions for determining how to handle MIME parts.
> -- 
> 2.2.2
>
> _______________________________________________
> notmuch mailing list
> notmuch@notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch