1 Return-Path: <tomi.ollila@iki.fi>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id A768E431FC2
\r
6 for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 12:32:44 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=2.438 tagged_above=-999 required=5
\r
12 tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled
\r
13 Received: from olra.theworths.org ([127.0.0.1])
\r
14 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id xveII0olZmdC for <notmuch@notmuchmail.org>;
\r
16 Mon, 2 Feb 2015 12:32:41 -0800 (PST)
\r
17 Received: from guru.guru-group.fi (guru.guru-group.fi [46.183.73.34])
\r
18 by olra.theworths.org (Postfix) with ESMTP id 2C06C431FC0
\r
19 for <notmuch@notmuchmail.org>; Mon, 2 Feb 2015 12:32:41 -0800 (PST)
\r
20 Received: from guru.guru-group.fi (localhost [IPv6:::1])
\r
21 by guru.guru-group.fi (Postfix) with ESMTP id BEB1E10004A;
\r
22 Mon, 2 Feb 2015 22:32:12 +0200 (EET)
\r
23 From: Tomi Ollila <tomi.ollila@iki.fi>
\r
24 To: Jinwoo Lee <jinwoo68@gmail.com>, notmuch@notmuchmail.org
\r
25 Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for
\r
26 blocked remote images.
\r
27 In-Reply-To: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com>
\r
28 References: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com>
\r
29 User-Agent: Notmuch/0.19+53~gb45d2f9 (http://notmuchmail.org) Emacs/24.3.1
\r
30 (x86_64-unknown-linux-gnu)
\r
31 X-Face: HhBM'cA~<r"^Xv\KRN0P{vn'Y"Kd;zg_y3S[4)KSN~s?O\"QPoL
\r
32 $[Xv_BD:i/F$WiEWax}R(MPS`^UaptOGD`*/=@\1lKoVa9tnrg0TW?"r7aRtgk[F
\r
33 !)g;OY^,BjTbr)Np:%c_o'jj,Z
\r
34 Date: Mon, 02 Feb 2015 22:32:12 +0200
\r
35 Message-ID: <m27fw0awc3.fsf@guru.guru-group.fi>
\r
37 Content-Type: text/plain
\r
38 X-BeenThere: notmuch@notmuchmail.org
\r
39 X-Mailman-Version: 2.1.13
\r
41 List-Id: "Use and development of the notmuch mail system."
\r
42 <notmuch.notmuchmail.org>
\r
43 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
44 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
45 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
46 List-Post: <mailto:notmuch@notmuchmail.org>
\r
47 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
48 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
49 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
50 X-List-Received-Date: Mon, 02 Feb 2015 20:32:44 -0000
\r
52 On Mon, Feb 02 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:
\r
54 > It's default value is ".", meaning all remote images will be blocked
\r
58 > Addressed review comments.
\r
60 Ok, looks good to me. David can perhaps amend away the (accidental)
\r
61 whitespace change in the last hunk ?
\r
67 > emacs/notmuch-show.el | 27 +++++++++++++++++++--------
\r
68 > 1 file changed, 19 insertions(+), 8 deletions(-)
\r
70 > diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
\r
71 > index 66350d4..5d939bb 100644
\r
72 > --- a/emacs/notmuch-show.el
\r
73 > +++ b/emacs/notmuch-show.el
\r
74 > @@ -136,6 +136,13 @@ indentation."
\r
76 > :group 'notmuch-show)
\r
78 > +;; By default, block all external images to prevent privacy leaks and
\r
79 > +;; potential attacks.
\r
80 > +(defcustom notmuch-show-text/html-blocked-images "."
\r
81 > + "Remote images that have URLs matching this regexp will be blocked."
\r
82 > + :type '(choice (const nil) regexp)
\r
83 > + :group 'notmuch-show)
\r
85 > (defvar notmuch-show-thread-id nil)
\r
86 > (make-variable-buffer-local 'notmuch-show-thread-id)
\r
87 > (put 'notmuch-show-thread-id 'permanent-local t)
\r
88 > @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
\r
89 > ;; It's easier to drive shr ourselves than to work around the
\r
90 > ;; goofy things `mm-shr' does (like irreversibly taking over
\r
91 > ;; content ID handling).
\r
92 > - (notmuch-show--insert-part-text/html-shr msg part)
\r
94 > + ;; FIXME: If we block an image, offer a button to load external
\r
96 > + (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
\r
97 > + (notmuch-show--insert-part-text/html-shr msg part))
\r
98 > ;; Otherwise, let message-mode do the heavy lifting
\r
100 > ;; w3m sets up a keymap which "leaks" outside the invisible region
\r
101 > ;; and causes strange effects in notmuch. We set
\r
102 > ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
\r
103 > ;; set a keymap (so the normal notmuch-show-mode-map remains).
\r
104 > - (let ((mm-inline-text-html-with-w3m-keymap nil))
\r
105 > + (let ((mm-inline-text-html-with-w3m-keymap nil)
\r
106 > + ;; FIXME: If we block an image, offer a button to load external
\r
108 > + (gnus-blocked-images notmuch-show-text/html-blocked-images))
\r
109 > (notmuch-show-insert-part-*/* msg part content-type nth depth button))))
\r
111 > ;; These functions are used by notmuch-show--insert-part-text/html-shr
\r
112 > @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."
\r
113 > ;; shr strips the "cid:" part of URL, but doesn't
\r
114 > ;; URL-decode it (see RFC 2392).
\r
115 > (let ((cid (url-unhex-string url)))
\r
116 > - (first (notmuch-show--get-cid-content cid)))))
\r
117 > - ;; Block all external images to prevent privacy leaks and
\r
118 > - ;; potential attacks. FIXME: If we block an image, offer a
\r
119 > - ;; button to load external images.
\r
120 > - (shr-blocked-images "."))
\r
121 > + (first (notmuch-show--get-cid-content cid))))))
\r
122 > (shr-insert-document dom)
\r
125 > (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
\r
126 > ;; This handler _must_ succeed - it is the handler of last resort.
\r
127 > - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
\r
128 > + (notmuch-mm-display-part-inline msg part content-type
\r
129 > + notmuch-show-process-crypto)
\r
132 > ;; Functions for determining how to handle MIME parts.
\r
136 > _______________________________________________
\r
137 > notmuch mailing list
\r
138 > notmuch@notmuchmail.org
\r
139 > http://notmuchmail.org/mailman/listinfo/notmuch
\r