--- /dev/null
+Return-Path: <tomi.ollila@iki.fi>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id 1B3EB431FC3\r
+ for <notmuch@notmuchmail.org>; Sun, 1 Feb 2015 13:45:39 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 2.438\r
+X-Spam-Level: **\r
+X-Spam-Status: No, score=2.438 tagged_above=-999 required=5\r
+ tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id bJEed46NOJGk for <notmuch@notmuchmail.org>;\r
+ Sun, 1 Feb 2015 13:45:35 -0800 (PST)\r
+Received: from guru.guru-group.fi (guru.guru-group.fi [46.183.73.34])\r
+ by olra.theworths.org (Postfix) with ESMTP id 93CC9431FC2\r
+ for <notmuch@notmuchmail.org>; Sun, 1 Feb 2015 13:45:35 -0800 (PST)\r
+Received: from guru.guru-group.fi (localhost [IPv6:::1])\r
+ by guru.guru-group.fi (Postfix) with ESMTP id 2E98010004A;\r
+ Sun, 1 Feb 2015 23:45:14 +0200 (EET)\r
+From: Tomi Ollila <tomi.ollila@iki.fi>\r
+To: David Edmondson <dme@dme.org>, Jinwoo Lee <jinwoo68@gmail.com>,\r
+ notmuch@notmuchmail.org\r
+Subject: Re: [PATCH] emacs: Add a defcustom that specifies\r
+ regexp for blocked remote images.\r
+In-Reply-To: <m2y4ohtijr.fsf@guru.guru-group.fi>\r
+References: <1422567352-32647-1-git-send-email-jinwoo68@gmail.com>\r
+ <cunlhkhe2l3.fsf@fenchurch.hh.sledj.net>\r
+ <m2y4ohtijr.fsf@guru.guru-group.fi>\r
+User-Agent: Notmuch/0.19+53~gb45d2f9 (http://notmuchmail.org) Emacs/24.3.1\r
+ (x86_64-unknown-linux-gnu)\r
+X-Face: HhBM'cA~<r"^Xv\KRN0P{vn'Y"Kd;zg_y3S[4)KSN~s?O\"QPoL\r
+ $[Xv_BD:i/F$WiEWax}R(MPS`^UaptOGD`*/=@\1lKoVa9tnrg0TW?"r7aRtgk[F\r
+ !)g;OY^,BjTbr)Np:%c_o'jj,Z\r
+Date: Sun, 01 Feb 2015 23:45:14 +0200\r
+Message-ID: <m2vbjltifp.fsf@guru.guru-group.fi>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain; charset=utf-8\r
+Content-Transfer-Encoding: quoted-printable\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Sun, 01 Feb 2015 21:45:39 -0000\r
+\r
+On Sun, Feb 01 2015, Tomi Ollila <tomi.ollila@iki.fi> wrote:\r
+\r
+> On Sun, Feb 01 2015, David Edmondson <dme@dme.org> wrote:\r
+>\r
+>> On Thu, Jan 29 2015, Jinwoo Lee wrote:\r
+>>> It's default value is ".", meaning all remote images will be blocked\r
+>>> by default.\r
+>>>\r
+>>> ---\r
+>>> This time setting gnus-blocked-images from the correct place.\r
+>>\r
+>> Looks good - it is better than the code currently in the repository,\r
+>> even if it doesn=E2=80=99t address every possible case that we have disc=\r
+ussed.\r
+>\r
+> That I can agree with :D\r
+\r
+(I mean it protects us better than the code currently in the repo...)\r
+\r
+> Tomi\r
+\r
+Tomi\r
+\r
+>\r
+>>\r
+>>> ---\r
+>>> emacs/notmuch-show.el | 23 ++++++++++++++++++-----\r
+>>> 1 file changed, 18 insertions(+), 5 deletions(-)\r
+>>>\r
+>>> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el\r
+>>> index 66350d4..6f38e0c 100644\r
+>>> --- a/emacs/notmuch-show.el\r
+>>> +++ b/emacs/notmuch-show.el\r
+>>> @@ -136,6 +136,11 @@ indentation."\r
+>>> :type 'boolean\r
+>>> :group 'notmuch-show)\r
+>>>=20=20\r
+>>> +(defcustom notmuch-show-text/html-blocked-images "."\r
+>>> + "Remote images that have URLs matching this regexp will be blocked."\r
+>>> + :type '(choice (const nil) regexp)\r
+>>> + :group 'notmuch-show)\r
+>>> +\r
+>>> (defvar notmuch-show-thread-id nil)\r
+>>> (make-variable-buffer-local 'notmuch-show-thread-id)\r
+>>> (put 'notmuch-show-thread-id 'permanent-local t)\r
+>>> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot b=\r
+e retrieved."\r
+>>> ;; URL-decode it (see RFC 2392).\r
+>>> (let ((cid (url-unhex-string url)))\r
+>>> (first (notmuch-show--get-cid-content cid)))))\r
+>>> - ;; Block all external images to prevent privacy leaks and\r
+>>> - ;; potential attacks. FIXME: If we block an image, offer a\r
+>>> - ;; button to load external images.\r
+>>> - (shr-blocked-images "."))\r
+>>> + ;; By default, block all external images to prevent privacy\r
+>>> + ;; leaks and potential attacks. FIXME: If we block an image,\r
+>>> + ;; offer a button to load external images.\r
+>>> + (shr-blocked-images notmuch-show-text/html-blocked-images))\r
+>>> (shr-insert-document dom)\r
+>>> t))\r
+>>>=20=20\r
+>>> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth b=\r
+utton)\r
+>>> ;; This handler _must_ succeed - it is the handler of last resort.\r
+>>> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-p=\r
+rocess-crypto)\r
+>>> +\r
+>>> + ;; By default, block all external images to prevent privacy leaks\r
+>>> + ;; and potential attacks. FIXME: If we block an image, offer a\r
+>>> + ;; button to load external images.\r
+>>> + ;; Note that GNUS-BLOCKED-IMAGES is effective only when\r
+>>> + ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.\r
+>>> + (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))\r
+>>> + (notmuch-mm-display-part-inline msg part content-type\r
+>>> + notmuch-show-process-crypto))\r
+>>> t)\r
+>>>=20=20\r
+>>> ;; Functions for determining how to handle MIME parts.\r
+>>> --=20\r
+>>> 2.2.2\r
+>>>\r
+>>> _______________________________________________\r
+>>> notmuch mailing list\r
+>>> notmuch@notmuchmail.org\r
+>>> http://notmuchmail.org/mailman/listinfo/notmuch\r
+>> _______________________________________________\r
+>> notmuch mailing list\r
+>> notmuch@notmuchmail.org\r
+>> http://notmuchmail.org/mailman/listinfo/notmuch\r
projects / notmuch-archives.git / commitdiff