From f170bd2acb1010b8e9b505e6e3138f450b97ca1b Mon Sep 17 00:00:00 2001 From: David Edmondson Date: Sun, 1 Feb 2015 21:36:40 +0000 Subject: [PATCH] Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images. --- 19/81009150fc3fe1ac6ec1e72e9a37198862073d | 145 ++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 19/81009150fc3fe1ac6ec1e72e9a37198862073d diff --git a/19/81009150fc3fe1ac6ec1e72e9a37198862073d b/19/81009150fc3fe1ac6ec1e72e9a37198862073d new file mode 100644 index 000000000..3690c98d7 --- /dev/null +++ b/19/81009150fc3fe1ac6ec1e72e9a37198862073d @@ -0,0 +1,145 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 3DD29431FC2 + for ; Sun, 1 Feb 2015 13:36:51 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 1.739 +X-Spam-Level: * +X-Spam-Status: No, score=1.739 tagged_above=-999 required=5 + tests=[DNS_FROM_AHBL_RHSBL=2.438, RCVD_IN_DNSWL_LOW=-0.7, + UNPARSEABLE_RELAY=0.001] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id R5faG8f7dXet for ; + Sun, 1 Feb 2015 13:36:48 -0800 (PST) +Received: from mail-wi0-f182.google.com (mail-wi0-f182.google.com + [209.85.212.182]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id C973A431FC0 + for ; Sun, 1 Feb 2015 13:36:47 -0800 (PST) +Received: by mail-wi0-f182.google.com with SMTP id n3so11728949wiv.3 + for ; Sun, 01 Feb 2015 13:36:44 -0800 (PST) +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20130820; + h=x-gm-message-state:to:subject:in-reply-to:references:user-agent + :from:date:message-id:mime-version:content-type + :content-transfer-encoding; + bh=lS45ESyXyQKWixJwLecJJWKGC4JU5cJh39Z7jrQKYF4=; + b=jePytW8+KXeKXMC3T43SMGEVXxufV0egvlSTACbz90kNJu4Lb6/xfD9Td+j5MlgSLP + eIO7vQr6uNsdC2vUtiQ6n8ymXpy9sIP2+vYBf77Wbav76yMc9sGXY1ozSiCIVrEJDtM7 + aSpCGqtdRGKenrDkGjzfo+xseqtfs5kU7SrJo7B2H1DzEErd5XCRAFOPIg6aXzKs1ATw + 0yd4gzz9q06LA8/qfhgBdNOGhQqODtkZX5nmF2YsDhMhsW09+p8zf7SAIRfui4t3Km6I + BgDHgkJ593C2KEbTJqVOWalody/u46R/UTsq33uyQ8on8H13PXXoh3ENDqWFl5C79Wa5 + 9cxQ== +X-Gm-Message-State: + ALoCoQlCRqcS9NSofKjNhBQ+4h/1BRkoAxUDt8O2gCKEMJX+e9X6lCsIz6lenju0bvq2J+P19cHv +X-Received: by 10.180.198.148 with SMTP id jc20mr12584892wic.67.1422826603393; + Sun, 01 Feb 2015 13:36:43 -0800 (PST) +Received: from disaster-area.hh.sledj.net + ([2a01:348:1a2:1:ea39:35ff:fe2c:a227]) + by mx.google.com with ESMTPSA id d7sm24922070wjs.2.2015.02.01.13.36.41 + (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); + Sun, 01 Feb 2015 13:36:42 -0800 (PST) +Received: from localhost (30000@localhost [local]); + by localhost (OpenSMTPD) with ESMTPA id 7e17e347; + Sun, 1 Feb 2015 21:36:40 +0000 (UTC) +To: Jinwoo Lee , notmuch@notmuchmail.org +Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for + blocked remote images. +In-Reply-To: <1422567352-32647-1-git-send-email-jinwoo68@gmail.com> +References: <1422567352-32647-1-git-send-email-jinwoo68@gmail.com> +User-Agent: none +From: David Edmondson +Date: Sun, 01 Feb 2015 21:36:40 +0000 +Message-ID: +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: quoted-printable +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Sun, 01 Feb 2015 21:36:51 -0000 + +On Thu, Jan 29 2015, Jinwoo Lee wrote: +> It's default value is ".", meaning all remote images will be blocked +> by default. +> +> --- +> This time setting gnus-blocked-images from the correct place. + +Looks good - it is better than the code currently in the repository, +even if it doesn=E2=80=99t address every possible case that we have discuss= +ed. + +> --- +> emacs/notmuch-show.el | 23 ++++++++++++++++++----- +> 1 file changed, 18 insertions(+), 5 deletions(-) +> +> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el +> index 66350d4..6f38e0c 100644 +> --- a/emacs/notmuch-show.el +> +++ b/emacs/notmuch-show.el +> @@ -136,6 +136,11 @@ indentation." +> :type 'boolean +> :group 'notmuch-show) +>=20=20 +> +(defcustom notmuch-show-text/html-blocked-images "." +> + "Remote images that have URLs matching this regexp will be blocked." +> + :type '(choice (const nil) regexp) +> + :group 'notmuch-show) +> + +> (defvar notmuch-show-thread-id nil) +> (make-variable-buffer-local 'notmuch-show-thread-id) +> (put 'notmuch-show-thread-id 'permanent-local t) +> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot be = +retrieved." +> ;; URL-decode it (see RFC 2392). +> (let ((cid (url-unhex-string url))) +> (first (notmuch-show--get-cid-content cid))))) +> - ;; Block all external images to prevent privacy leaks and +> - ;; potential attacks. FIXME: If we block an image, offer a +> - ;; button to load external images. +> - (shr-blocked-images ".")) +> + ;; By default, block all external images to prevent privacy +> + ;; leaks and potential attacks. FIXME: If we block an image, +> + ;; offer a button to load external images. +> + (shr-blocked-images notmuch-show-text/html-blocked-images)) +> (shr-insert-document dom) +> t)) +>=20=20 +> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth but= +ton) +> ;; This handler _must_ succeed - it is the handler of last resort. +> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-pro= +cess-crypto) +> + +> + ;; By default, block all external images to prevent privacy leaks +> + ;; and potential attacks. FIXME: If we block an image, offer a +> + ;; button to load external images. +> + ;; Note that GNUS-BLOCKED-IMAGES is effective only when +> + ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m. +> + (let ((gnus-blocked-images notmuch-show-text/html-blocked-images)) +> + (notmuch-mm-display-part-inline msg part content-type +> + notmuch-show-process-crypto)) +> t) +>=20=20 +> ;; Functions for determining how to handle MIME parts. +> --=20 +> 2.2.2 +> +> _______________________________________________ +> notmuch mailing list +> notmuch@notmuchmail.org +> http://notmuchmail.org/mailman/listinfo/notmuch -- 2.26.2