--- /dev/null
+Return-Path: <tomi.ollila@iki.fi>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id A768E431FC2\r
+ for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 12:32:44 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 2.438\r
+X-Spam-Level: **\r
+X-Spam-Status: No, score=2.438 tagged_above=-999 required=5\r
+ tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id xveII0olZmdC for <notmuch@notmuchmail.org>;\r
+ Mon, 2 Feb 2015 12:32:41 -0800 (PST)\r
+Received: from guru.guru-group.fi (guru.guru-group.fi [46.183.73.34])\r
+ by olra.theworths.org (Postfix) with ESMTP id 2C06C431FC0\r
+ for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 12:32:41 -0800 (PST)\r
+Received: from guru.guru-group.fi (localhost [IPv6:::1])\r
+ by guru.guru-group.fi (Postfix) with ESMTP id BEB1E10004A;\r
+ Mon, 2 Feb 2015 22:32:12 +0200 (EET)\r
+From: Tomi Ollila <tomi.ollila@iki.fi>\r
+To: Jinwoo Lee <jinwoo68@gmail.com>, notmuch@notmuchmail.org\r
+Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for\r
+ blocked remote images.\r
+In-Reply-To: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com>\r
+References: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com>\r
+User-Agent: Notmuch/0.19+53~gb45d2f9 (http://notmuchmail.org) Emacs/24.3.1\r
+ (x86_64-unknown-linux-gnu)\r
+X-Face: HhBM'cA~<r"^Xv\KRN0P{vn'Y"Kd;zg_y3S[4)KSN~s?O\"QPoL\r
+ $[Xv_BD:i/F$WiEWax}R(MPS`^UaptOGD`*/=@\1lKoVa9tnrg0TW?"r7aRtgk[F\r
+ !)g;OY^,BjTbr)Np:%c_o'jj,Z\r
+Date: Mon, 02 Feb 2015 22:32:12 +0200\r
+Message-ID: <m27fw0awc3.fsf@guru.guru-group.fi>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 02 Feb 2015 20:32:44 -0000\r
+\r
+On Mon, Feb 02 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:\r
+\r
+> It's default value is ".", meaning all remote images will be blocked\r
+> by default.\r
+>\r
+> ---\r
+> Addressed review comments.\r
+\r
+Ok, looks good to me. David can perhaps amend away the (accidental)\r
+whitespace change in the last hunk ?\r
+\r
+Tomi\r
+\r
+\r
+> ---\r
+> emacs/notmuch-show.el | 27 +++++++++++++++++++--------\r
+> 1 file changed, 19 insertions(+), 8 deletions(-)\r
+>\r
+> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el\r
+> index 66350d4..5d939bb 100644\r
+> --- a/emacs/notmuch-show.el\r
+> +++ b/emacs/notmuch-show.el\r
+> @@ -136,6 +136,13 @@ indentation."\r
+> :type 'boolean\r
+> :group 'notmuch-show)\r
+> \r
+> +;; By default, block all external images to prevent privacy leaks and\r
+> +;; potential attacks.\r
+> +(defcustom notmuch-show-text/html-blocked-images "."\r
+> + "Remote images that have URLs matching this regexp will be blocked."\r
+> + :type '(choice (const nil) regexp)\r
+> + :group 'notmuch-show)\r
+> +\r
+> (defvar notmuch-show-thread-id nil)\r
+> (make-variable-buffer-local 'notmuch-show-thread-id)\r
+> (put 'notmuch-show-thread-id 'permanent-local t)\r
+> @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."\r
+> ;; It's easier to drive shr ourselves than to work around the\r
+> ;; goofy things `mm-shr' does (like irreversibly taking over\r
+> ;; content ID handling).\r
+> - (notmuch-show--insert-part-text/html-shr msg part)\r
+> +\r
+> + ;; FIXME: If we block an image, offer a button to load external\r
+> + ;; images.\r
+> + (let ((shr-blocked-images notmuch-show-text/html-blocked-images))\r
+> + (notmuch-show--insert-part-text/html-shr msg part))\r
+> ;; Otherwise, let message-mode do the heavy lifting\r
+> ;;\r
+> ;; w3m sets up a keymap which "leaks" outside the invisible region\r
+> ;; and causes strange effects in notmuch. We set\r
+> ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to\r
+> ;; set a keymap (so the normal notmuch-show-mode-map remains).\r
+> - (let ((mm-inline-text-html-with-w3m-keymap nil))\r
+> + (let ((mm-inline-text-html-with-w3m-keymap nil)\r
+> + ;; FIXME: If we block an image, offer a button to load external\r
+> + ;; images.\r
+> + (gnus-blocked-images notmuch-show-text/html-blocked-images))\r
+> (notmuch-show-insert-part-*/* msg part content-type nth depth button))))\r
+> \r
+> ;; These functions are used by notmuch-show--insert-part-text/html-shr\r
+> @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."\r
+> ;; shr strips the "cid:" part of URL, but doesn't\r
+> ;; URL-decode it (see RFC 2392).\r
+> (let ((cid (url-unhex-string url)))\r
+> - (first (notmuch-show--get-cid-content cid)))))\r
+> - ;; Block all external images to prevent privacy leaks and\r
+> - ;; potential attacks. FIXME: If we block an image, offer a\r
+> - ;; button to load external images.\r
+> - (shr-blocked-images "."))\r
+> + (first (notmuch-show--get-cid-content cid))))))\r
+> (shr-insert-document dom)\r
+> t))\r
+> \r
+> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)\r
+> ;; This handler _must_ succeed - it is the handler of last resort.\r
+> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)\r
+> + (notmuch-mm-display-part-inline msg part content-type\r
+> + notmuch-show-process-crypto)\r
+> t)\r
+> \r
+> ;; Functions for determining how to handle MIME parts.\r
+> -- \r
+> 2.2.2\r
+>\r
+> _______________________________________________\r
+> notmuch mailing list\r
+> notmuch@notmuchmail.org\r
+> http://notmuchmail.org/mailman/listinfo/notmuch\r
projects / notmuch-archives.git / commitdiff