From: Tomi Ollila Date: Mon, 2 Feb 2015 20:32:12 +0000 (+0200) Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=27bcdde4355e2cf2b05941554bab8697a5eea5b0;p=notmuch-archives.git Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images. --- diff --git a/51/7b482b896d977a974265b7243bb394520dd3f4 b/51/7b482b896d977a974265b7243bb394520dd3f4 new file mode 100644 index 000000000..4b1190df9 --- /dev/null +++ b/51/7b482b896d977a974265b7243bb394520dd3f4 @@ -0,0 +1,139 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id A768E431FC2 + for ; Mon, 2 Feb 2015 12:32:44 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 2.438 +X-Spam-Level: ** +X-Spam-Status: No, score=2.438 tagged_above=-999 required=5 + tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id xveII0olZmdC for ; + Mon, 2 Feb 2015 12:32:41 -0800 (PST) +Received: from guru.guru-group.fi (guru.guru-group.fi [46.183.73.34]) + by olra.theworths.org (Postfix) with ESMTP id 2C06C431FC0 + for ; Mon, 2 Feb 2015 12:32:41 -0800 (PST) +Received: from guru.guru-group.fi (localhost [IPv6:::1]) + by guru.guru-group.fi (Postfix) with ESMTP id BEB1E10004A; + Mon, 2 Feb 2015 22:32:12 +0200 (EET) +From: Tomi Ollila +To: Jinwoo Lee , notmuch@notmuchmail.org +Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for + blocked remote images. +In-Reply-To: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com> +References: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com> +User-Agent: Notmuch/0.19+53~gb45d2f9 (http://notmuchmail.org) Emacs/24.3.1 + (x86_64-unknown-linux-gnu) +X-Face: HhBM'cA~ +MIME-Version: 1.0 +Content-Type: text/plain +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Mon, 02 Feb 2015 20:32:44 -0000 + +On Mon, Feb 02 2015, Jinwoo Lee wrote: + +> It's default value is ".", meaning all remote images will be blocked +> by default. +> +> --- +> Addressed review comments. + +Ok, looks good to me. David can perhaps amend away the (accidental) +whitespace change in the last hunk ? + +Tomi + + +> --- +> emacs/notmuch-show.el | 27 +++++++++++++++++++-------- +> 1 file changed, 19 insertions(+), 8 deletions(-) +> +> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el +> index 66350d4..5d939bb 100644 +> --- a/emacs/notmuch-show.el +> +++ b/emacs/notmuch-show.el +> @@ -136,6 +136,13 @@ indentation." +> :type 'boolean +> :group 'notmuch-show) +> +> +;; By default, block all external images to prevent privacy leaks and +> +;; potential attacks. +> +(defcustom notmuch-show-text/html-blocked-images "." +> + "Remote images that have URLs matching this regexp will be blocked." +> + :type '(choice (const nil) regexp) +> + :group 'notmuch-show) +> + +> (defvar notmuch-show-thread-id nil) +> (make-variable-buffer-local 'notmuch-show-thread-id) +> (put 'notmuch-show-thread-id 'permanent-local t) +> @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved." +> ;; It's easier to drive shr ourselves than to work around the +> ;; goofy things `mm-shr' does (like irreversibly taking over +> ;; content ID handling). +> - (notmuch-show--insert-part-text/html-shr msg part) +> + +> + ;; FIXME: If we block an image, offer a button to load external +> + ;; images. +> + (let ((shr-blocked-images notmuch-show-text/html-blocked-images)) +> + (notmuch-show--insert-part-text/html-shr msg part)) +> ;; Otherwise, let message-mode do the heavy lifting +> ;; +> ;; w3m sets up a keymap which "leaks" outside the invisible region +> ;; and causes strange effects in notmuch. We set +> ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to +> ;; set a keymap (so the normal notmuch-show-mode-map remains). +> - (let ((mm-inline-text-html-with-w3m-keymap nil)) +> + (let ((mm-inline-text-html-with-w3m-keymap nil) +> + ;; FIXME: If we block an image, offer a button to load external +> + ;; images. +> + (gnus-blocked-images notmuch-show-text/html-blocked-images)) +> (notmuch-show-insert-part-*/* msg part content-type nth depth button)))) +> +> ;; These functions are used by notmuch-show--insert-part-text/html-shr +> @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved." +> ;; shr strips the "cid:" part of URL, but doesn't +> ;; URL-decode it (see RFC 2392). +> (let ((cid (url-unhex-string url))) +> - (first (notmuch-show--get-cid-content cid))))) +> - ;; Block all external images to prevent privacy leaks and +> - ;; potential attacks. FIXME: If we block an image, offer a +> - ;; button to load external images. +> - (shr-blocked-images ".")) +> + (first (notmuch-show--get-cid-content cid)))))) +> (shr-insert-document dom) +> t)) +> +> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button) +> ;; This handler _must_ succeed - it is the handler of last resort. +> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto) +> + (notmuch-mm-display-part-inline msg part content-type +> + notmuch-show-process-crypto) +> t) +> +> ;; Functions for determining how to handle MIME parts. +> -- +> 2.2.2 +> +> _______________________________________________ +> notmuch mailing list +> notmuch@notmuchmail.org +> http://notmuchmail.org/mailman/listinfo/notmuch