--- /dev/null
+Return-Path: <jinwoo68@gmail.com>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id 699AC431FC2\r
+ for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 12:41:35 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 2.639\r
+X-Spam-Level: **\r
+X-Spam-Status: No, score=2.639 tagged_above=-999 required=5\r
+ tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,\r
+ DNS_FROM_AHBL_RHSBL=2.438, FREEMAIL_ENVFROM_END_DIGIT=1,\r
+ FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id TM8jnAuKYu+r for <notmuch@notmuchmail.org>;\r
+ Mon, 2 Feb 2015 12:41:32 -0800 (PST)\r
+Received: from mail-ie0-f174.google.com (mail-ie0-f174.google.com\r
+ [209.85.223.174]) (using TLSv1 with cipher RC4-SHA (128/128 bits))\r
+ (No client certificate requested)\r
+ by olra.theworths.org (Postfix) with ESMTPS id 21EE8431FC0\r
+ for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 12:41:32 -0800 (PST)\r
+Received: by mail-ie0-f174.google.com with SMTP id vy18so20351285iec.5\r
+ for <notmuch@notmuchmail.org>; Mon, 02 Feb 2015 12:41:31 -0800 (PST)\r
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;\r
+ h=from:to:subject:in-reply-to:references:user-agent:date:message-id\r
+ :mime-version:content-type;\r
+ bh=Mbe/eSzkRHC3BQQO//CVBs7fnQI0jMM2LJXkNfBeyOc=;\r
+ b=j0mcpW3FAYZ+eeJnI9ERzZqBmxx+CAs09rdo6G/yVE/Mg5ONCL+IwE7qZE8IQruf0t\r
+ miHgXAKv593ZxYh73OL+oV/cEKJHxmhi9Ca1xSeF/SGkdVwowrNW3xzwEN4r/h2eW0mG\r
+ 2Zn3q8AHFWvnGST0GVnMCcYtMrROubt1eTxlYNRFD5jp8BCYk15nCX7uRCuxdiPaEPC3\r
+ auY0550wYPgXPMX6+yyE6IbcCX7JZ8gg79Mc8g91+yKzbKs2C6tfUn6ksbI8qt1w+ezr\r
+ Dahai86drtPtH1JWfvl9l37d8BjKwFpuwaklVGcFAZNODx9NbOq1bFhPK5ZUK9pgkuMf\r
+ lYiA==\r
+X-Received: by 10.107.170.162 with SMTP id g34mr20707717ioj.7.1422909691470;\r
+ Mon, 02 Feb 2015 12:41:31 -0800 (PST)\r
+Received: from localhost ([2620:0:1000:407c:317e:4baf:6671:315a])\r
+ by mx.google.com with ESMTPSA id y5sm6699093ign.7.2015.02.02.12.41.30\r
+ (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\r
+ Mon, 02 Feb 2015 12:41:30 -0800 (PST)\r
+From: Jinwoo Lee <jinwoo68@gmail.com>\r
+To: Tomi Ollila <tomi.ollila@iki.fi>, notmuch@notmuchmail.org\r
+Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for\r
+ blocked remote images.\r
+In-Reply-To: <m27fw0awc3.fsf@guru.guru-group.fi>\r
+References: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com>\r
+ <m27fw0awc3.fsf@guru.guru-group.fi>\r
+User-Agent: Notmuch/0.18.1 (http://notmuchmail.org) Emacs/24.4.1\r
+ (x86_64-apple-darwin13.2.0)\r
+Date: Mon, 02 Feb 2015 12:41:31 -0800\r
+Message-ID: <yq65lhkgqc5g.fsf@jinwoo-macbookair.roam.corp.google.com>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 02 Feb 2015 20:41:35 -0000\r
+\r
+On Mon, Feb 2, 2015 at 12:32 PM, Tomi Ollila <tomi.ollila@iki.fi> wrote:\r
+> On Mon, Feb 02 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:\r
+>\r
+>> It's default value is ".", meaning all remote images will be blocked\r
+>> by default.\r
+>>\r
+>> ---\r
+>> Addressed review comments.\r
+>\r
+> Ok, looks good to me. David can perhaps amend away the (accidental)\r
+> whitespace change in the last hunk ?\r
+\r
+Ah, sorry about that. I can revert if needed.\r
+\r
+>\r
+> Tomi\r
+>\r
+>\r
+>> ---\r
+>> emacs/notmuch-show.el | 27 +++++++++++++++++++--------\r
+>> 1 file changed, 19 insertions(+), 8 deletions(-)\r
+>>\r
+>> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el\r
+>> index 66350d4..5d939bb 100644\r
+>> --- a/emacs/notmuch-show.el\r
+>> +++ b/emacs/notmuch-show.el\r
+>> @@ -136,6 +136,13 @@ indentation."\r
+>> :type 'boolean\r
+>> :group 'notmuch-show)\r
+>> \r
+>> +;; By default, block all external images to prevent privacy leaks and\r
+>> +;; potential attacks.\r
+>> +(defcustom notmuch-show-text/html-blocked-images "."\r
+>> + "Remote images that have URLs matching this regexp will be blocked."\r
+>> + :type '(choice (const nil) regexp)\r
+>> + :group 'notmuch-show)\r
+>> +\r
+>> (defvar notmuch-show-thread-id nil)\r
+>> (make-variable-buffer-local 'notmuch-show-thread-id)\r
+>> (put 'notmuch-show-thread-id 'permanent-local t)\r
+>> @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."\r
+>> ;; It's easier to drive shr ourselves than to work around the\r
+>> ;; goofy things `mm-shr' does (like irreversibly taking over\r
+>> ;; content ID handling).\r
+>> - (notmuch-show--insert-part-text/html-shr msg part)\r
+>> +\r
+>> + ;; FIXME: If we block an image, offer a button to load external\r
+>> + ;; images.\r
+>> + (let ((shr-blocked-images notmuch-show-text/html-blocked-images))\r
+>> + (notmuch-show--insert-part-text/html-shr msg part))\r
+>> ;; Otherwise, let message-mode do the heavy lifting\r
+>> ;;\r
+>> ;; w3m sets up a keymap which "leaks" outside the invisible region\r
+>> ;; and causes strange effects in notmuch. We set\r
+>> ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to\r
+>> ;; set a keymap (so the normal notmuch-show-mode-map remains).\r
+>> - (let ((mm-inline-text-html-with-w3m-keymap nil))\r
+>> + (let ((mm-inline-text-html-with-w3m-keymap nil)\r
+>> + ;; FIXME: If we block an image, offer a button to load external\r
+>> + ;; images.\r
+>> + (gnus-blocked-images notmuch-show-text/html-blocked-images))\r
+>> (notmuch-show-insert-part-*/* msg part content-type nth depth button))))\r
+>> \r
+>> ;; These functions are used by notmuch-show--insert-part-text/html-shr\r
+>> @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."\r
+>> ;; shr strips the "cid:" part of URL, but doesn't\r
+>> ;; URL-decode it (see RFC 2392).\r
+>> (let ((cid (url-unhex-string url)))\r
+>> - (first (notmuch-show--get-cid-content cid)))))\r
+>> - ;; Block all external images to prevent privacy leaks and\r
+>> - ;; potential attacks. FIXME: If we block an image, offer a\r
+>> - ;; button to load external images.\r
+>> - (shr-blocked-images "."))\r
+>> + (first (notmuch-show--get-cid-content cid))))))\r
+>> (shr-insert-document dom)\r
+>> t))\r
+>> \r
+>> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)\r
+>> ;; This handler _must_ succeed - it is the handler of last resort.\r
+>> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)\r
+>> + (notmuch-mm-display-part-inline msg part content-type\r
+>> + notmuch-show-process-crypto)\r
+>> t)\r
+>> \r
+>> ;; Functions for determining how to handle MIME parts.\r
+>> -- \r
+>> 2.2.2\r
+>>\r
+>> _______________________________________________\r
+>> notmuch mailing list\r
+>> notmuch@notmuchmail.org\r
+>> http://notmuchmail.org/mailman/listinfo/notmuch\r
projects / notmuch-archives.git / commitdiff