From: Fabio Natali via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#74218: [PATCH] Ask confirmation before sending region to search engine.
Date: Wed, 06 Nov 2024 15:27:04 +0000
Message-ID: <87ikt0gz7b.fsf@fabionatali.com>
References: <20241106005544.26516-1-me@fabionatali.com> <86pln8sfqe.fsf@gnu.org>
In-Reply-To: <86pln8sfqe.fsf@gnu.org>
To: Eli Zaretskii
Cc: 74218@debbugs.gnu.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Hi Eli,

Please find attached a v2 that - hopefully - addresses the points
mentioned in your email. Please see my further comments inline below.

Thanks for all the help, cheers, Fabio.

On 2024-11-06, 14:34 +0200, Eli Zaretskii wrote:

>> * lisp/net/eww.el (eww-search-confirm-send-region,
>> eww-search-words): With 'eww-search-words' (by default bound to 'M-s
>> M-w') a user can type in some search terms and get back the results
>> of a web search from a predefined search engine. If a region is
>> selected, 'eww-search-words' will use that for the web search
>> instead of prompting the user.
>
> This should be reformatted according to our conventions, see
> CONTRIBUTE.

Ok, here's what I've changed:

- Set max line length to 63 chars.
- Slightly reordered the text so that some broader explanation comes
  first and the ChangeLog entries later.
- Micro-improvements to the ChangeLog entries.

I hope it looks better now - but I'm still a little unsure. If there's
anything else that's left to fix, please let me know.

> The first line of a doc string should be a single complete sentence,
> and should attempt to summarize what the function/variable does,
> because some "apropos" commands show only the first line of each doc
> string.

Ha! True, sorry, that's also fixed now.

>> + :version "30.0"
>
> This should be "31.1".

Fixed.

>> + (format-message
>> + "Send region to the configured search engine? ")))
>
> IMO, this should somehow try to indicate the problematic aspect of
> doing this. For example, maybe it should say
>
>   Really send the entire region to the search engine?

Good one, fixed.

> It is also possible that short regions should be sent without any need
> for confirmation. In which case perhaps the variable should allow
> integer values, not just nil and t.

I think I disagree on this one. The functionality you suggest is a
superset of what I implemented and it goes in the direction of giving
more freedom to the user. On the other hand, however, I don't see a
strong correlation between the sensitivity of a piece of information
and its length. For the sake of simplicity, I'd have a preference to
maintain the boolean logic as per my original patch.

> In addition, I don't see any need to ask for confirmation when we are
> not going to send anything to the search engine, so I think the test
> for white-space region should be before the confirmation prompt, and
> only if the region is going to be sent.

Ha, another good one! Thanks, fixed.

> Would you like to start at this time your legal paperwork of assigning
> the copyright to the FSF, so that we could accept your future
> contributions without limitations?

Sent separately, thanks.

-- 
Fabio Natali
https://fabionatali.com

--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline; filename=v2-0001-Ask-confirmation-before-sending-region-to-search-.patch

>From cdd17053befac8298a04d0cdfc4cafe5a410166b Mon Sep 17 00:00:00 2001
From: Fabio Natali Date: Tue, 5 Nov 2024 23:52:30 +0000 Subject: [PATCH v2] Ask confirmation before sending region to search engine With 'eww-search-words' (by default bound to 'M-s M-w') a user can type in some search terms and get back the results of a web search from a predefined search engine. If a region is selected, 'eww-search-words' will use that for the web search instead of prompting the user. In its current form, 'eww-search-words' presents a security and usability problem. It is relatively too easy to mistakenly launch the function and, if a region of text is selected, have potentially sensitive data sent out to a third-party service. This commit changes the search function's default behaviour so that explicit confirmation is required before a region is sent to a search engine. The behaviour can be adjusted via the newly-introduced 'eww-search-confirm-send-region' variable, which is set to true by default. * lisp/net/eww.el (eww-search-confirm-send-region): Add. (eww-search-words): Update default 'eww-search-words' behaviour so as to ask confirmation before sending a region to a search engine. --- lisp/net/eww.el | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/lisp/net/eww.el b/lisp/net/eww.el index 2d351dff88f..cbf989f4a6a 100644 --- a/lisp/net/eww.el +++ b/lisp/net/eww.el @@ -52,6 +52,17 @@ :group 'eww :type 'string) +(defcustom eww-search-confirm-send-region t + "Whether to confirm before sending a region to a search engine. +Non-nil if EWW should ask confirmation before sending the +selected region to the configured search engine. This is the +default to mitigate the risk of accidental data leak. Set this +variable to nil to send the region to the search engine +straightaway." + :version "31.1" + :group 'eww + :type 'boolean) + (defcustom eww-search-prefix "https://duckduckgo.com/html/?q=" "Prefix URL to search engine." :version "24.4" 
@@ -605,7 +616,12 @@ for the search engine used." (if (use-region-p) (let ((region-string (buffer-substring (region-beginning) (region-end)))) (if (not (string-match-p "\\`[ \n\t\r\v\f]*\\'" region-string)) - (eww region-string) + (when + (or (not eww-search-confirm-send-region) + (yes-or-no-p + (format-message + "Really send the entire region to the search engine? "))) + (eww region-string)) (call-interactively #'eww))) (call-interactively #'eww))) -- 2.46.0 --=-=-=--
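
Review bot: the doc string of `eww-search-confirm-send-region` in the first hunk (@@ -52,6 +52,17 @@) never names `eww-search-words`, the command this patch makes consult the option, so a user reading the option in Customize cannot tell which command it governs; please reference the command in the doc string. The second sentence would also read more conventionally as "Non-nil means ask for confirmation before sending the selected region ...". Since the commit message says the default behaviour changes and the diffstat lists only lisp/net/eww.el, the patch is also missing an etc/NEWS entry announcing the new prompt and how to disable it.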
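
Review bot: in the `eww-search-words` hunk (@@ -605,7 +616,12 @@), answering "no" at `yes-or-no-p` makes the `when` form return nil and the command ends silently. Nothing is sent, which is the intent, but the user gets neither a message confirming that nothing left the machine nor the `(call-interactively #'eww)` prompt that the whitespace-only branch falls back to; please pick one of the two and make the declined case explicit. The `format-message` call wraps a constant string with no format arguments, so the string can be passed to `yes-or-no-p` directly. The function's own doc string, whose last line appears as context (`for the search engine used."`), is not updated to mention the confirmation or `eww-search-confirm-send-region`.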