From cdd17053befac8298a04d0cdfc4cafe5a410166b Mon Sep 17 00:00:00 2001 From: Fabio Natali Date: Tue, 5 Nov 2024 23:52:30 +0000 Subject: [PATCH v2] Ask confirmation before sending region to search engine With 'eww-search-words' (by default bound to 'M-s M-w') a user can type in some search terms and get back the results of a web search from a predefined search engine. If a region is selected, 'eww-search-words' will use that for the web search instead of prompting the user. In its current form, 'eww-search-words' presents a security and usability problem. It is relatively too easy to mistakenly launch the function and, if a region of text is selected, have potentially sensitive data sent out to a third-party service. This commit changes the search function's default behaviour so that explicit confirmation is required before a region is sent to a search engine. The behaviour can be adjusted via the newly-introduced 'eww-search-confirm-send-region' variable, which is set to true by default. * lisp/net/eww.el (eww-search-confirm-send-region): Add. (eww-search-words): Update default 'eww-search-words' behaviour so as to ask confirmation before sending a region to a search engine.
---
 lisp/net/eww.el | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/lisp/net/eww.el b/lisp/net/eww.el
index 2d351dff88f..cbf989f4a6a 100644
--- a/lisp/net/eww.el
+++ b/lisp/net/eww.el
@@ -52,6 +52,17 @@
 :group 'eww
 :type 'string)
+(defcustom eww-search-confirm-send-region t
+ "Whether to confirm before sending a region to a search engine.
+Non-nil if EWW should ask confirmation before sending the
+selected region to the configured search engine. This is the
+default to mitigate the risk of accidental data leak. Set this
+variable to nil to send the region to the search engine
+straightaway."
+ :version "31.1"
+ :group 'eww
+ :type 'boolean)
+
 (defcustom eww-search-prefix "https://duckduckgo.com/html/?q="
 "Prefix URL to search engine."
 :version "24.4"
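Review bot: The docstring of `eww-search-confirm-send-region` never says which command honours the option or where the text goes; as far as this patch shows, only `eww-search-words` consults it, so a user reading the Customize buffer cannot tell what is protected. I would name both in the second sentence, e.g. ``Non-nil means `eww-search-words' asks for confirmation before sending the active region to the search engine set in `eww-search-prefix'.`` The commit also changes the default behaviour of an existing key binding while the diffstat lists only lisp/net/eww.el, so an etc/NEWS entry appears to be missing.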
@@ -605,7 +616,12 @@ for the search engine used."
 (if (use-region-p)
 (let ((region-string (buffer-substring (region-beginning) (region-end))))
 (if (not (string-match-p "\\`[ \n\t\r\v\f]*\\'" region-string))
- (eww region-string)
+ (when
+ (or (not eww-search-confirm-send-region)
+ (yes-or-no-p
+ (format-message
+ "Really send the entire region to the search engine? ")))
+ (eww region-string))
 (call-interactively #'eww)))
 (call-interactively #'eww)))
-- 
2.46.0
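Review bot: The confirmation added around `(eww region-string)` asks a fixed question that shows neither how much text is about to leave Emacs nor which service receives it, so it gives the user nothing to decide on and is easy to answer "yes" to out of habit. `format-message` is also called with no arguments here, so it only converts quote characters the string does not contain. Something like `(format-message "Send the %d-character region to %s? " (length region-string) eww-search-prefix)` would put the size and the destination in the prompt. The docstring of `eww-search-words` begins outside this hunk and its visible last line is unchanged, so it seemingly still does not mention the confirmation or `eww-search-confirm-send-region`.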