Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 749A5431FC2 for ; Mon, 2 Feb 2015 10:55:54 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 2.639 X-Spam-Level: ** X-Spam-Status: No, score=2.639 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DNS_FROM_AHBL_RHSBL=2.438, FREEMAIL_ENVFROM_END_DIGIT=1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y3rK8oT2HJi6 for ; Mon, 2 Feb 2015 10:55:51 -0800 (PST) Received: from mail-ie0-f175.google.com (mail-ie0-f175.google.com [209.85.223.175]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by olra.theworths.org (Postfix) with ESMTPS id 35F16431FC0 for ; Mon, 2 Feb 2015 10:55:51 -0800 (PST) Received: by mail-ie0-f175.google.com with SMTP id ar1so19670950iec.6 for ; Mon, 02 Feb 2015 10:55:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=TCQXNR9BlHS9b8+kXqPyopoK0NJOeZDADPwJmGJIeFs=; b=lYXmiKlYL5GDWMxNWa7G7jJPUtETmSBJzXKmCbASlK8IdYIu8QLYtGB1VCmKfxjrFd DKHziCiZ8eRx5sQ23Wp1CElCmHBbxfmxvCRURsjdSNTy/DupRbyHDxf1fWXQ+UbkBbSN dkHhWSMx8XeKTlfYSfElG8SqexZWqAJJjAnX6gf2oGfKarQVDIVAihNcltcLo14NoS20 WsUIbOzYwccHRs0byYpkRgQfG6SZIkEreCJR0fGqCKfDjtodddkvISFTbgtmgHFdyqAR qEhPdQvIrrbZPb6QwSX6CmuInRarPtMijG7CxtsS+BeCItIBtJN9hO4FGwO2+auG98yM MU2w== X-Received: by 10.50.111.168 with SMTP id ij8mr13465072igb.43.1422903348719; Mon, 02 Feb 2015 10:55:48 -0800 (PST) Received: from jinwoo-macbookair.roam.corp.google.com.com ([172.19.60.210]) by mx.google.com with ESMTPSA id j77sm344578ioj.30.2015.02.02.10.55.47 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 02 Feb 2015 10:55:47 -0800 (PST) From: Jinwoo Lee To: notmuch@notmuchmail.org Subject: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images. Date: Mon, 2 Feb 2015 10:54:06 -0800 Message-Id: <1422903246-8621-1-git-send-email-jinwoo68@gmail.com> X-Mailer: git-send-email 2.2.2 X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Feb 2015 18:55:54 -0000 It's default value is ".", meaning all remote images will be blocked by default. --- Addressed review comments. --- emacs/notmuch-show.el | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el index 66350d4..5d939bb 100644 --- a/emacs/notmuch-show.el +++ b/emacs/notmuch-show.el @@ -136,6 +136,13 @@ indentation." :type 'boolean :group 'notmuch-show) +;; By default, block all external images to prevent privacy leaks and +;; potential attacks. +(defcustom notmuch-show-text/html-blocked-images "." + "Remote images that have URLs matching this regexp will be blocked." + :type '(choice (const nil) regexp) + :group 'notmuch-show) + (defvar notmuch-show-thread-id nil) (make-variable-buffer-local 'notmuch-show-thread-id) (put 'notmuch-show-thread-id 'permanent-local t) @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved." ;; It's easier to drive shr ourselves than to work around the ;; goofy things `mm-shr' does (like irreversibly taking over ;; content ID handling). - (notmuch-show--insert-part-text/html-shr msg part) + + ;; FIXME: If we block an image, offer a button to load external + ;; images. + (let ((shr-blocked-images notmuch-show-text/html-blocked-images)) + (notmuch-show--insert-part-text/html-shr msg part)) ;; Otherwise, let message-mode do the heavy lifting ;; ;; w3m sets up a keymap which "leaks" outside the invisible region ;; and causes strange effects in notmuch. We set ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to ;; set a keymap (so the normal notmuch-show-mode-map remains). - (let ((mm-inline-text-html-with-w3m-keymap nil)) + (let ((mm-inline-text-html-with-w3m-keymap nil) + ;; FIXME: If we block an image, offer a button to load external + ;; images. + (gnus-blocked-images notmuch-show-text/html-blocked-images)) (notmuch-show-insert-part-*/* msg part content-type nth depth button)))) ;; These functions are used by notmuch-show--insert-part-text/html-shr @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved." ;; shr strips the "cid:" part of URL, but doesn't ;; URL-decode it (see RFC 2392). (let ((cid (url-unhex-string url))) - (first (notmuch-show--get-cid-content cid))))) - ;; Block all external images to prevent privacy leaks and - ;; potential attacks. FIXME: If we block an image, offer a - ;; button to load external images. - (shr-blocked-images ".")) + (first (notmuch-show--get-cid-content cid)))))) (shr-insert-document dom) t)) (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button) ;; This handler _must_ succeed - it is the handler of last resort. - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto) + (notmuch-mm-display-part-inline msg part content-type + notmuch-show-process-crypto) t) ;; Functions for determining how to handle MIME parts. -- 2.2.2