Return-Path: <jinwoo68@gmail.com>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 699AC431FC2
	for <notmuch@notmuchmail.org>; Mon,  2 Feb 2015 12:41:35 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: 2.639
X-Spam-Level: **
X-Spam-Status: No, score=2.639 tagged_above=-999 required=5
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DNS_FROM_AHBL_RHSBL=2.438, FREEMAIL_ENVFROM_END_DIGIT=1,
	FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id TM8jnAuKYu+r for <notmuch@notmuchmail.org>;
	Mon,  2 Feb 2015 12:41:32 -0800 (PST)
Received: from mail-ie0-f174.google.com (mail-ie0-f174.google.com
	[209.85.223.174]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by olra.theworths.org (Postfix) with ESMTPS id 21EE8431FC0
	for <notmuch@notmuchmail.org>; Mon,  2 Feb 2015 12:41:32 -0800 (PST)
Received: by mail-ie0-f174.google.com with SMTP id vy18so20351285iec.5
	for <notmuch@notmuchmail.org>; Mon, 02 Feb 2015 12:41:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:subject:in-reply-to:references:user-agent:date:message-id
	:mime-version:content-type;
	bh=Mbe/eSzkRHC3BQQO//CVBs7fnQI0jMM2LJXkNfBeyOc=;
	b=j0mcpW3FAYZ+eeJnI9ERzZqBmxx+CAs09rdo6G/yVE/Mg5ONCL+IwE7qZE8IQruf0t
	miHgXAKv593ZxYh73OL+oV/cEKJHxmhi9Ca1xSeF/SGkdVwowrNW3xzwEN4r/h2eW0mG
	2Zn3q8AHFWvnGST0GVnMCcYtMrROubt1eTxlYNRFD5jp8BCYk15nCX7uRCuxdiPaEPC3
	auY0550wYPgXPMX6+yyE6IbcCX7JZ8gg79Mc8g91+yKzbKs2C6tfUn6ksbI8qt1w+ezr
	Dahai86drtPtH1JWfvl9l37d8BjKwFpuwaklVGcFAZNODx9NbOq1bFhPK5ZUK9pgkuMf
	lYiA==
X-Received: by 10.107.170.162 with SMTP id g34mr20707717ioj.7.1422909691470;
	Mon, 02 Feb 2015 12:41:31 -0800 (PST)
Received: from localhost ([2620:0:1000:407c:317e:4baf:6671:315a])
	by mx.google.com with ESMTPSA id y5sm6699093ign.7.2015.02.02.12.41.30
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 02 Feb 2015 12:41:30 -0800 (PST)
From: Jinwoo Lee <jinwoo68@gmail.com>
To: Tomi Ollila <tomi.ollila@iki.fi>, notmuch@notmuchmail.org
Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for
	blocked	remote images.
In-Reply-To: <m27fw0awc3.fsf@guru.guru-group.fi>
References: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com>
	<m27fw0awc3.fsf@guru.guru-group.fi>
User-Agent: Notmuch/0.18.1 (http://notmuchmail.org) Emacs/24.4.1
	(x86_64-apple-darwin13.2.0)
Date: Mon, 02 Feb 2015 12:41:31 -0800
Message-ID: <yq65lhkgqc5g.fsf@jinwoo-macbookair.roam.corp.google.com>
MIME-Version: 1.0
Content-Type: text/plain
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Feb 2015 20:41:35 -0000

On Mon, Feb  2, 2015 at 12:32 PM, Tomi Ollila <tomi.ollila@iki.fi> wrote:
> On Mon, Feb 02 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:
>
>> It's default value is ".", meaning all remote images will be blocked
>> by default.
>>
>> ---
>> Addressed review comments.
>
> Ok, looks good to me. David can perhaps amend away the (accidental)
> whitespace change in the last hunk ?

Ah, sorry about that.  I can revert if needed.

>
> Tomi
>
>
>> ---
>>  emacs/notmuch-show.el | 27 +++++++++++++++++++--------
>>  1 file changed, 19 insertions(+), 8 deletions(-)
>>
>> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
>> index 66350d4..5d939bb 100644
>> --- a/emacs/notmuch-show.el
>> +++ b/emacs/notmuch-show.el
>> @@ -136,6 +136,13 @@ indentation."
>>    :type 'boolean
>>    :group 'notmuch-show)
>>  
>> +;; By default, block all external images to prevent privacy leaks and
>> +;; potential attacks.
>> +(defcustom notmuch-show-text/html-blocked-images "."
>> +  "Remote images that have URLs matching this regexp will be blocked."
>> +  :type '(choice (const nil) regexp)
>> +  :group 'notmuch-show)
>> +
>>  (defvar notmuch-show-thread-id nil)
>>  (make-variable-buffer-local 'notmuch-show-thread-id)
>>  (put 'notmuch-show-thread-id 'permanent-local t)
>> @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
>>        ;; It's easier to drive shr ourselves than to work around the
>>        ;; goofy things `mm-shr' does (like irreversibly taking over
>>        ;; content ID handling).
>> -      (notmuch-show--insert-part-text/html-shr msg part)
>> +
>> +      ;; FIXME: If we block an image, offer a button to load external
>> +      ;; images.
>> +      (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
>> +	(notmuch-show--insert-part-text/html-shr msg part))
>>      ;; Otherwise, let message-mode do the heavy lifting
>>      ;;
>>      ;; w3m sets up a keymap which "leaks" outside the invisible region
>>      ;; and causes strange effects in notmuch. We set
>>      ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
>>      ;; set a keymap (so the normal notmuch-show-mode-map remains).
>> -    (let ((mm-inline-text-html-with-w3m-keymap nil))
>> +    (let ((mm-inline-text-html-with-w3m-keymap nil)
>> +	  ;; FIXME: If we block an image, offer a button to load external
>> +	  ;; images.
>> +	  (gnus-blocked-images notmuch-show-text/html-blocked-images))
>>        (notmuch-show-insert-part-*/* msg part content-type nth depth button))))
>>  
>>  ;; These functions are used by notmuch-show--insert-part-text/html-shr
>> @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."
>>  	   ;; shr strips the "cid:" part of URL, but doesn't
>>  	   ;; URL-decode it (see RFC 2392).
>>  	   (let ((cid (url-unhex-string url)))
>> -	     (first (notmuch-show--get-cid-content cid)))))
>> -	;; Block all external images to prevent privacy leaks and
>> -	;; potential attacks.  FIXME: If we block an image, offer a
>> -	;; button to load external images.
>> -	(shr-blocked-images "."))
>> +	     (first (notmuch-show--get-cid-content cid))))))
>>      (shr-insert-document dom)
>>      t))
>>  
>>  (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
>>    ;; This handler _must_ succeed - it is the handler of last resort.
>> -  (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
>> +  (notmuch-mm-display-part-inline msg part content-type
>> +				  notmuch-show-process-crypto)
>>    t)
>>  
>>  ;; Functions for determining how to handle MIME parts.
>> -- 
>> 2.2.2
>>
>> _______________________________________________
>> notmuch mailing list
>> notmuch@notmuchmail.org
>> http://notmuchmail.org/mailman/listinfo/notmuch