From 66efc79bcaed36c79b7c953037022c0010d3693b Mon Sep 17 00:00:00 2001 From: Tomi Ollila Date: Sun, 1 Feb 2015 23:45:14 +0200 Subject: [PATCH] Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images. --- f0/56c03fd5360612d9601484bad696bdeec57387 | 144 ++++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 f0/56c03fd5360612d9601484bad696bdeec57387 diff --git a/f0/56c03fd5360612d9601484bad696bdeec57387 b/f0/56c03fd5360612d9601484bad696bdeec57387 new file mode 100644 index 000000000..e2474f503 --- /dev/null +++ b/f0/56c03fd5360612d9601484bad696bdeec57387 @@ -0,0 +1,144 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 1B3EB431FC3 + for ; Sun, 1 Feb 2015 13:45:39 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 2.438 +X-Spam-Level: ** +X-Spam-Status: No, score=2.438 tagged_above=-999 required=5 + tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id bJEed46NOJGk for ; + Sun, 1 Feb 2015 13:45:35 -0800 (PST) +Received: from guru.guru-group.fi (guru.guru-group.fi [46.183.73.34]) + by olra.theworths.org (Postfix) with ESMTP id 93CC9431FC2 + for ; Sun, 1 Feb 2015 13:45:35 -0800 (PST) +Received: from guru.guru-group.fi (localhost [IPv6:::1]) + by guru.guru-group.fi (Postfix) with ESMTP id 2E98010004A; + Sun, 1 Feb 2015 23:45:14 +0200 (EET) +From: Tomi Ollila +To: David Edmondson , Jinwoo Lee , + notmuch@notmuchmail.org +Subject: Re: [PATCH] emacs: Add a defcustom that specifies + regexp for blocked remote images. +In-Reply-To: +References: <1422567352-32647-1-git-send-email-jinwoo68@gmail.com> + + +User-Agent: Notmuch/0.19+53~gb45d2f9 (http://notmuchmail.org) Emacs/24.3.1 + (x86_64-unknown-linux-gnu) +X-Face: HhBM'cA~ +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: quoted-printable +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Sun, 01 Feb 2015 21:45:39 -0000 + +On Sun, Feb 01 2015, Tomi Ollila wrote: + +> On Sun, Feb 01 2015, David Edmondson wrote: +> +>> On Thu, Jan 29 2015, Jinwoo Lee wrote: +>>> It's default value is ".", meaning all remote images will be blocked +>>> by default. +>>> +>>> --- +>>> This time setting gnus-blocked-images from the correct place. +>> +>> Looks good - it is better than the code currently in the repository, +>> even if it doesn=E2=80=99t address every possible case that we have disc= +ussed. +> +> That I can agree with :D + +(I mean it protects us better than the code currently in the repo...) + +> Tomi + +Tomi + +> +>> +>>> --- +>>> emacs/notmuch-show.el | 23 ++++++++++++++++++----- +>>> 1 file changed, 18 insertions(+), 5 deletions(-) +>>> +>>> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el +>>> index 66350d4..6f38e0c 100644 +>>> --- a/emacs/notmuch-show.el +>>> +++ b/emacs/notmuch-show.el +>>> @@ -136,6 +136,11 @@ indentation." +>>> :type 'boolean +>>> :group 'notmuch-show) +>>>=20=20 +>>> +(defcustom notmuch-show-text/html-blocked-images "." +>>> + "Remote images that have URLs matching this regexp will be blocked." +>>> + :type '(choice (const nil) regexp) +>>> + :group 'notmuch-show) +>>> + +>>> (defvar notmuch-show-thread-id nil) +>>> (make-variable-buffer-local 'notmuch-show-thread-id) +>>> (put 'notmuch-show-thread-id 'permanent-local t) +>>> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot b= +e retrieved." +>>> ;; URL-decode it (see RFC 2392). +>>> (let ((cid (url-unhex-string url))) +>>> (first (notmuch-show--get-cid-content cid))))) +>>> - ;; Block all external images to prevent privacy leaks and +>>> - ;; potential attacks. FIXME: If we block an image, offer a +>>> - ;; button to load external images. +>>> - (shr-blocked-images ".")) +>>> + ;; By default, block all external images to prevent privacy +>>> + ;; leaks and potential attacks. FIXME: If we block an image, +>>> + ;; offer a button to load external images. +>>> + (shr-blocked-images notmuch-show-text/html-blocked-images)) +>>> (shr-insert-document dom) +>>> t)) +>>>=20=20 +>>> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth b= +utton) +>>> ;; This handler _must_ succeed - it is the handler of last resort. +>>> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-p= +rocess-crypto) +>>> + +>>> + ;; By default, block all external images to prevent privacy leaks +>>> + ;; and potential attacks. FIXME: If we block an image, offer a +>>> + ;; button to load external images. +>>> + ;; Note that GNUS-BLOCKED-IMAGES is effective only when +>>> + ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m. +>>> + (let ((gnus-blocked-images notmuch-show-text/html-blocked-images)) +>>> + (notmuch-mm-display-part-inline msg part content-type +>>> + notmuch-show-process-crypto)) +>>> t) +>>>=20=20 +>>> ;; Functions for determining how to handle MIME parts. +>>> --=20 +>>> 2.2.2 +>>> +>>> _______________________________________________ +>>> notmuch mailing list +>>> notmuch@notmuchmail.org +>>> http://notmuchmail.org/mailman/listinfo/notmuch +>> _______________________________________________ +>> notmuch mailing list +>> notmuch@notmuchmail.org +>> http://notmuchmail.org/mailman/listinfo/notmuch -- 2.26.2