--- /dev/null
+Return-Path: <tomi.ollila@iki.fi>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id 2F5A9431FC2\r
+ for <notmuch@notmuchmail.org>; Sun, 1 Feb 2015 13:41:22 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 2.438\r
+X-Spam-Level: **\r
+X-Spam-Status: No, score=2.438 tagged_above=-999 required=5\r
+ tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id 8MOyhAOGzPPi for <notmuch@notmuchmail.org>;\r
+ Sun, 1 Feb 2015 13:41:19 -0800 (PST)\r
+Received: from guru.guru-group.fi (guru.guru-group.fi [46.183.73.34])\r
+ by olra.theworths.org (Postfix) with ESMTP id D90FB431FC0\r
+ for <notmuch@notmuchmail.org>; Sun, 1 Feb 2015 13:41:18 -0800 (PST)\r
+Received: from guru.guru-group.fi (localhost [IPv6:::1])\r
+ by guru.guru-group.fi (Postfix) with ESMTP id 3164810004A;\r
+ Sun, 1 Feb 2015 23:40:53 +0200 (EET)\r
+From: Tomi Ollila <tomi.ollila@iki.fi>\r
+To: Jinwoo Lee <jinwoo68@gmail.com>, notmuch@notmuchmail.org\r
+Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for\r
+ blocked remote images.\r
+In-Reply-To: <1422567352-32647-1-git-send-email-jinwoo68@gmail.com>\r
+References: <1422567352-32647-1-git-send-email-jinwoo68@gmail.com>\r
+User-Agent: Notmuch/0.19+53~gb45d2f9 (http://notmuchmail.org) Emacs/24.3.1\r
+ (x86_64-unknown-linux-gnu)\r
+X-Face: HhBM'cA~<r"^Xv\KRN0P{vn'Y"Kd;zg_y3S[4)KSN~s?O\"QPoL\r
+ $[Xv_BD:i/F$WiEWax}R(MPS`^UaptOGD`*/=@\1lKoVa9tnrg0TW?"r7aRtgk[F\r
+ !)g;OY^,BjTbr)Np:%c_o'jj,Z\r
+Date: Sun, 01 Feb 2015 23:40:52 +0200\r
+Message-ID: <m2h9v5paxn.fsf@guru.guru-group.fi>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Sun, 01 Feb 2015 21:41:22 -0000\r
+\r
+On Thu, Jan 29 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:\r
+\r
+> It's default value is ".", meaning all remote images will be blocked\r
+> by default.\r
+>\r
+> ---\r
+> This time setting gnus-blocked-images from the correct place.\r
+> ---\r
+> emacs/notmuch-show.el | 23 ++++++++++++++++++-----\r
+> 1 file changed, 18 insertions(+), 5 deletions(-)\r
+>\r
+> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el\r
+> index 66350d4..6f38e0c 100644\r
+> --- a/emacs/notmuch-show.el\r
+> +++ b/emacs/notmuch-show.el\r
+> @@ -136,6 +136,11 @@ indentation."\r
+> :type 'boolean\r
+> :group 'notmuch-show)\r
+> \r
+> +(defcustom notmuch-show-text/html-blocked-images "."\r
+> + "Remote images that have URLs matching this regexp will be blocked."\r
+> + :type '(choice (const nil) regexp)\r
+> + :group 'notmuch-show)\r
+> +\r
+> (defvar notmuch-show-thread-id nil)\r
+> (make-variable-buffer-local 'notmuch-show-thread-id)\r
+> (put 'notmuch-show-thread-id 'permanent-local t)\r
+> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot be retrieved."\r
+> ;; URL-decode it (see RFC 2392).\r
+> (let ((cid (url-unhex-string url)))\r
+> (first (notmuch-show--get-cid-content cid)))))\r
+> - ;; Block all external images to prevent privacy leaks and\r
+> - ;; potential attacks. FIXME: If we block an image, offer a\r
+> - ;; button to load external images.\r
+> - (shr-blocked-images "."))\r
+> + ;; By default, block all external images to prevent privacy\r
+> + ;; leaks and potential attacks. FIXME: If we block an image,\r
+> + ;; offer a button to load external images.\r
+\r
+This comment looks little weird; maybe the "Block all external images to\r
+prevent privacy leaks and potential attacks." part could be moved to\r
+the defcustom part and leave the FIXME part here \r
+\r
+> + (shr-blocked-images notmuch-show-text/html-blocked-images))\r
+> (shr-insert-document dom)\r
+> t))\r
+> \r
+> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)\r
+> ;; This handler _must_ succeed - it is the handler of last resort.\r
+> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)\r
+> +\r
+> + ;; By default, block all external images to prevent privacy leaks\r
+> + ;; and potential attacks. FIXME: If we block an image, offer a\r
+> + ;; button to load external images.\r
+> + ;; Note that GNUS-BLOCKED-IMAGES is effective only when\r
+> + ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.\r
+\r
+This last statement should be dropped unless we know for sure that this\r
+is exact -- and rest (sans FIXME) can go to the defcustom...\r
+\r
+... and to me, it looks like this is not the most suitable place for this\r
+setting; easiest is to drop it into notmuch-show-insert-part-text/html\r
+so it is in the same context as the shr. Alternative is to put it to\r
+the earlier place in insert-part handling (or later,\r
+i.e. notmuch-mm-display-part-inline )\r
+\r
+> + (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))\r
+> + (notmuch-mm-display-part-inline msg part content-type\r
+> + notmuch-show-process-crypto))\r
+> t)\r
+\r
+Tomi\r
+\r
+> \r
+> ;; Functions for determining how to handle MIME parts.\r
+> -- \r
+> 2.2.2\r
projects / notmuch-archives.git / commitdiff