Return-Path: <tomi.ollila@iki.fi>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 1B3EB431FC3
	for <notmuch@notmuchmail.org>; Sun,  1 Feb 2015 13:45:39 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: 2.438
X-Spam-Level: **
X-Spam-Status: No, score=2.438 tagged_above=-999 required=5
	tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id bJEed46NOJGk for <notmuch@notmuchmail.org>;
	Sun,  1 Feb 2015 13:45:35 -0800 (PST)
Received: from guru.guru-group.fi (guru.guru-group.fi [46.183.73.34])
	by olra.theworths.org (Postfix) with ESMTP id 93CC9431FC2
	for <notmuch@notmuchmail.org>; Sun,  1 Feb 2015 13:45:35 -0800 (PST)
Received: from guru.guru-group.fi (localhost [IPv6:::1])
	by guru.guru-group.fi (Postfix) with ESMTP id 2E98010004A;
	Sun,  1 Feb 2015 23:45:14 +0200 (EET)
From: Tomi Ollila <tomi.ollila@iki.fi>
To: David Edmondson <dme@dme.org>, Jinwoo Lee <jinwoo68@gmail.com>,
	notmuch@notmuchmail.org
Subject: Re: [PATCH] emacs: Add a defcustom that specifies
	regexp	for	blocked	remote images.
In-Reply-To: <m2y4ohtijr.fsf@guru.guru-group.fi>
References: <1422567352-32647-1-git-send-email-jinwoo68@gmail.com>
	<cunlhkhe2l3.fsf@fenchurch.hh.sledj.net>
	<m2y4ohtijr.fsf@guru.guru-group.fi>
User-Agent: Notmuch/0.19+53~gb45d2f9 (http://notmuchmail.org) Emacs/24.3.1
	(x86_64-unknown-linux-gnu)
X-Face: HhBM'cA~<r"^Xv\KRN0P{vn'Y"Kd;zg_y3S[4)KSN~s?O\"QPoL
	$[Xv_BD:i/F$WiEWax}R(MPS`^UaptOGD`*/=@\1lKoVa9tnrg0TW?"r7aRtgk[F
	!)g;OY^,BjTbr)Np:%c_o'jj,Z
Date: Sun, 01 Feb 2015 23:45:14 +0200
Message-ID: <m2vbjltifp.fsf@guru.guru-group.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Feb 2015 21:45:39 -0000

On Sun, Feb 01 2015, Tomi Ollila <tomi.ollila@iki.fi> wrote:

> On Sun, Feb 01 2015, David Edmondson <dme@dme.org> wrote:
>
>> On Thu, Jan 29 2015, Jinwoo Lee wrote:
>>> It's default value is ".", meaning all remote images will be blocked
>>> by default.
>>>
>>> ---
>>> This time setting gnus-blocked-images from the correct place.
>>
>> Looks good - it is better than the code currently in the repository,
>> even if it doesn=E2=80=99t address every possible case that we have disc=
ussed.
>
> That I can agree with :D

(I mean it protects us better than the code currently in the repo...)

> Tomi

Tomi

>
>>
>>> ---
>>>  emacs/notmuch-show.el | 23 ++++++++++++++++++-----
>>>  1 file changed, 18 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
>>> index 66350d4..6f38e0c 100644
>>> --- a/emacs/notmuch-show.el
>>> +++ b/emacs/notmuch-show.el
>>> @@ -136,6 +136,11 @@ indentation."
>>>    :type 'boolean
>>>    :group 'notmuch-show)
>>>=20=20
>>> +(defcustom notmuch-show-text/html-blocked-images "."
>>> +  "Remote images that have URLs matching this regexp will be blocked."
>>> +  :type '(choice (const nil) regexp)
>>> +  :group 'notmuch-show)
>>> +
>>>  (defvar notmuch-show-thread-id nil)
>>>  (make-variable-buffer-local 'notmuch-show-thread-id)
>>>  (put 'notmuch-show-thread-id 'permanent-local t)
>>> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot b=
e retrieved."
>>>  	   ;; URL-decode it (see RFC 2392).
>>>  	   (let ((cid (url-unhex-string url)))
>>>  	     (first (notmuch-show--get-cid-content cid)))))
>>> -	;; Block all external images to prevent privacy leaks and
>>> -	;; potential attacks.  FIXME: If we block an image, offer a
>>> -	;; button to load external images.
>>> -	(shr-blocked-images "."))
>>> +	;; By default, block all external images to prevent privacy
>>> +	;; leaks and potential attacks.  FIXME: If we block an image,
>>> +	;; offer a button to load external images.
>>> +	(shr-blocked-images notmuch-show-text/html-blocked-images))
>>>      (shr-insert-document dom)
>>>      t))
>>>=20=20
>>>  (defun notmuch-show-insert-part-*/* (msg part content-type nth depth b=
utton)
>>>    ;; This handler _must_ succeed - it is the handler of last resort.
>>> -  (notmuch-mm-display-part-inline msg part content-type notmuch-show-p=
rocess-crypto)
>>> +
>>> +  ;; By default, block all external images to prevent privacy leaks
>>> +  ;; and potential attacks.  FIXME: If we block an image, offer a
>>> +  ;; button to load external images.
>>> +  ;; Note that GNUS-BLOCKED-IMAGES is effective only when
>>> +  ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.
>>> +  (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))
>>> +    (notmuch-mm-display-part-inline msg part content-type
>>> +				    notmuch-show-process-crypto))
>>>    t)
>>>=20=20
>>>  ;; Functions for determining how to handle MIME parts.
>>> --=20
>>> 2.2.2
>>>
>>> _______________________________________________
>>> notmuch mailing list
>>> notmuch@notmuchmail.org
>>> http://notmuchmail.org/mailman/listinfo/notmuch
>> _______________________________________________
>> notmuch mailing list
>> notmuch@notmuchmail.org
>> http://notmuchmail.org/mailman/listinfo/notmuch