* [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
@ 2015-01-29 17:28 Jinwoo Lee
0 siblings, 0 replies; 16+ messages in thread
From: Jinwoo Lee @ 2015-01-29 17:28 UTC (permalink / raw)
To: notmuch
It's default value is ".", meaning all remote images will be blocked
by default.
---
emacs/notmuch-show.el | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
index 66350d4..cc6aca9 100644
--- a/emacs/notmuch-show.el
+++ b/emacs/notmuch-show.el
@@ -136,6 +136,11 @@ indentation."
:type 'boolean
:group 'notmuch-show)
+(defcustom notmuch-show-text/html-blocked-images "."
+ "Remote images that have URLs matching this regexp will be blocked."
+ :type '(choice (const nil) regexp)
+ :group 'notmuch-show)
+
(defvar notmuch-show-thread-id nil)
(make-variable-buffer-local 'notmuch-show-thread-id)
(put 'notmuch-show-thread-id 'permanent-local t)
@@ -798,10 +803,11 @@ will return nil if the CID is unknown or cannot be retrieved."
;; URL-decode it (see RFC 2392).
(let ((cid (url-unhex-string url)))
(first (notmuch-show--get-cid-content cid)))))
- ;; Block all external images to prevent privacy leaks and
- ;; potential attacks. FIXME: If we block an image, offer a
- ;; button to load external images.
- (shr-blocked-images "."))
+ ;; By default, block all external images to prevent privacy
+ ;; leaks and potential attacks. FIXME: If we block an image,
+ ;; offer a button to load external images.
+ (shr-blocked-images notmuch-show-text/html-blocked-images)
+ (gnus-blocked-images notmuch-show-text/html-blocked-images))
(shr-insert-document dom)
t))
--
2.2.2
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
@ 2015-01-29 21:35 Jinwoo Lee
2015-01-31 0:10 ` Jinwoo Lee
` (2 more replies)
0 siblings, 3 replies; 16+ messages in thread
From: Jinwoo Lee @ 2015-01-29 21:35 UTC (permalink / raw)
To: notmuch
It's default value is ".", meaning all remote images will be blocked
by default.
---
This time setting gnus-blocked-images from the correct place.
---
emacs/notmuch-show.el | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
index 66350d4..6f38e0c 100644
--- a/emacs/notmuch-show.el
+++ b/emacs/notmuch-show.el
@@ -136,6 +136,11 @@ indentation."
:type 'boolean
:group 'notmuch-show)
+(defcustom notmuch-show-text/html-blocked-images "."
+ "Remote images that have URLs matching this regexp will be blocked."
+ :type '(choice (const nil) regexp)
+ :group 'notmuch-show)
+
(defvar notmuch-show-thread-id nil)
(make-variable-buffer-local 'notmuch-show-thread-id)
(put 'notmuch-show-thread-id 'permanent-local t)
@@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot be retrieved."
;; URL-decode it (see RFC 2392).
(let ((cid (url-unhex-string url)))
(first (notmuch-show--get-cid-content cid)))))
- ;; Block all external images to prevent privacy leaks and
- ;; potential attacks. FIXME: If we block an image, offer a
- ;; button to load external images.
- (shr-blocked-images "."))
+ ;; By default, block all external images to prevent privacy
+ ;; leaks and potential attacks. FIXME: If we block an image,
+ ;; offer a button to load external images.
+ (shr-blocked-images notmuch-show-text/html-blocked-images))
(shr-insert-document dom)
t))
(defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
;; This handler _must_ succeed - it is the handler of last resort.
- (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
+
+ ;; By default, block all external images to prevent privacy leaks
+ ;; and potential attacks. FIXME: If we block an image, offer a
+ ;; button to load external images.
+ ;; Note that GNUS-BLOCKED-IMAGES is effective only when
+ ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.
+ (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))
+ (notmuch-mm-display-part-inline msg part content-type
+ notmuch-show-process-crypto))
t)
;; Functions for determining how to handle MIME parts.
--
2.2.2
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-01-29 21:35 [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images Jinwoo Lee
@ 2015-01-31 0:10 ` Jinwoo Lee
2015-02-01 21:36 ` David Edmondson
2015-02-01 21:40 ` Tomi Ollila
2 siblings, 0 replies; 16+ messages in thread
From: Jinwoo Lee @ 2015-01-31 0:10 UTC (permalink / raw)
To: notmuch
Can someone take a look please?
On Thu, Jan 29, 2015 at 01:35 PM, Jinwoo Lee <jinwoo68@gmail.com> wrote:
> It's default value is ".", meaning all remote images will be blocked
> by default.
>
> ---
> This time setting gnus-blocked-images from the correct place.
> ---
> emacs/notmuch-show.el | 23 ++++++++++++++++++-----
> 1 file changed, 18 insertions(+), 5 deletions(-)
>
> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
> index 66350d4..6f38e0c 100644
> --- a/emacs/notmuch-show.el
> +++ b/emacs/notmuch-show.el
> @@ -136,6 +136,11 @@ indentation."
> :type 'boolean
> :group 'notmuch-show)
>
> +(defcustom notmuch-show-text/html-blocked-images "."
> + "Remote images that have URLs matching this regexp will be blocked."
> + :type '(choice (const nil) regexp)
> + :group 'notmuch-show)
> +
> (defvar notmuch-show-thread-id nil)
> (make-variable-buffer-local 'notmuch-show-thread-id)
> (put 'notmuch-show-thread-id 'permanent-local t)
> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot be retrieved."
> ;; URL-decode it (see RFC 2392).
> (let ((cid (url-unhex-string url)))
> (first (notmuch-show--get-cid-content cid)))))
> - ;; Block all external images to prevent privacy leaks and
> - ;; potential attacks. FIXME: If we block an image, offer a
> - ;; button to load external images.
> - (shr-blocked-images "."))
> + ;; By default, block all external images to prevent privacy
> + ;; leaks and potential attacks. FIXME: If we block an image,
> + ;; offer a button to load external images.
> + (shr-blocked-images notmuch-show-text/html-blocked-images))
> (shr-insert-document dom)
> t))
>
> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
> ;; This handler _must_ succeed - it is the handler of last resort.
> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
> +
> + ;; By default, block all external images to prevent privacy leaks
> + ;; and potential attacks. FIXME: If we block an image, offer a
> + ;; button to load external images.
> + ;; Note that GNUS-BLOCKED-IMAGES is effective only when
> + ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.
> + (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))
> + (notmuch-mm-display-part-inline msg part content-type
> + notmuch-show-process-crypto))
> t)
>
> ;; Functions for determining how to handle MIME parts.
> --
> 2.2.2
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-01-29 21:35 [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images Jinwoo Lee
2015-01-31 0:10 ` Jinwoo Lee
@ 2015-02-01 21:36 ` David Edmondson
2015-02-01 21:42 ` Tomi Ollila
2015-02-01 21:40 ` Tomi Ollila
2 siblings, 1 reply; 16+ messages in thread
From: David Edmondson @ 2015-02-01 21:36 UTC (permalink / raw)
To: Jinwoo Lee, notmuch
On Thu, Jan 29 2015, Jinwoo Lee wrote:
> It's default value is ".", meaning all remote images will be blocked
> by default.
>
> ---
> This time setting gnus-blocked-images from the correct place.
Looks good - it is better than the code currently in the repository,
even if it doesn’t address every possible case that we have discussed.
> ---
> emacs/notmuch-show.el | 23 ++++++++++++++++++-----
> 1 file changed, 18 insertions(+), 5 deletions(-)
>
> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
> index 66350d4..6f38e0c 100644
> --- a/emacs/notmuch-show.el
> +++ b/emacs/notmuch-show.el
> @@ -136,6 +136,11 @@ indentation."
> :type 'boolean
> :group 'notmuch-show)
>
> +(defcustom notmuch-show-text/html-blocked-images "."
> + "Remote images that have URLs matching this regexp will be blocked."
> + :type '(choice (const nil) regexp)
> + :group 'notmuch-show)
> +
> (defvar notmuch-show-thread-id nil)
> (make-variable-buffer-local 'notmuch-show-thread-id)
> (put 'notmuch-show-thread-id 'permanent-local t)
> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot be retrieved."
> ;; URL-decode it (see RFC 2392).
> (let ((cid (url-unhex-string url)))
> (first (notmuch-show--get-cid-content cid)))))
> - ;; Block all external images to prevent privacy leaks and
> - ;; potential attacks. FIXME: If we block an image, offer a
> - ;; button to load external images.
> - (shr-blocked-images "."))
> + ;; By default, block all external images to prevent privacy
> + ;; leaks and potential attacks. FIXME: If we block an image,
> + ;; offer a button to load external images.
> + (shr-blocked-images notmuch-show-text/html-blocked-images))
> (shr-insert-document dom)
> t))
>
> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
> ;; This handler _must_ succeed - it is the handler of last resort.
> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
> +
> + ;; By default, block all external images to prevent privacy leaks
> + ;; and potential attacks. FIXME: If we block an image, offer a
> + ;; button to load external images.
> + ;; Note that GNUS-BLOCKED-IMAGES is effective only when
> + ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.
> + (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))
> + (notmuch-mm-display-part-inline msg part content-type
> + notmuch-show-process-crypto))
> t)
>
> ;; Functions for determining how to handle MIME parts.
> --
> 2.2.2
>
> _______________________________________________
> notmuch mailing list
> notmuch@notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-01-29 21:35 [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images Jinwoo Lee
2015-01-31 0:10 ` Jinwoo Lee
2015-02-01 21:36 ` David Edmondson
@ 2015-02-01 21:40 ` Tomi Ollila
2015-02-02 18:59 ` Jinwoo Lee
2 siblings, 1 reply; 16+ messages in thread
From: Tomi Ollila @ 2015-02-01 21:40 UTC (permalink / raw)
To: Jinwoo Lee, notmuch
On Thu, Jan 29 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:
> It's default value is ".", meaning all remote images will be blocked
> by default.
>
> ---
> This time setting gnus-blocked-images from the correct place.
> ---
> emacs/notmuch-show.el | 23 ++++++++++++++++++-----
> 1 file changed, 18 insertions(+), 5 deletions(-)
>
> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
> index 66350d4..6f38e0c 100644
> --- a/emacs/notmuch-show.el
> +++ b/emacs/notmuch-show.el
> @@ -136,6 +136,11 @@ indentation."
> :type 'boolean
> :group 'notmuch-show)
>
> +(defcustom notmuch-show-text/html-blocked-images "."
> + "Remote images that have URLs matching this regexp will be blocked."
> + :type '(choice (const nil) regexp)
> + :group 'notmuch-show)
> +
> (defvar notmuch-show-thread-id nil)
> (make-variable-buffer-local 'notmuch-show-thread-id)
> (put 'notmuch-show-thread-id 'permanent-local t)
> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot be retrieved."
> ;; URL-decode it (see RFC 2392).
> (let ((cid (url-unhex-string url)))
> (first (notmuch-show--get-cid-content cid)))))
> - ;; Block all external images to prevent privacy leaks and
> - ;; potential attacks. FIXME: If we block an image, offer a
> - ;; button to load external images.
> - (shr-blocked-images "."))
> + ;; By default, block all external images to prevent privacy
> + ;; leaks and potential attacks. FIXME: If we block an image,
> + ;; offer a button to load external images.
This comment looks little weird; maybe the "Block all external images to
prevent privacy leaks and potential attacks." part could be moved to
the defcustom part and leave the FIXME part here
> + (shr-blocked-images notmuch-show-text/html-blocked-images))
> (shr-insert-document dom)
> t))
>
> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
> ;; This handler _must_ succeed - it is the handler of last resort.
> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
> +
> + ;; By default, block all external images to prevent privacy leaks
> + ;; and potential attacks. FIXME: If we block an image, offer a
> + ;; button to load external images.
> + ;; Note that GNUS-BLOCKED-IMAGES is effective only when
> + ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.
This last statement should be dropped unless we know for sure that this
is exact -- and rest (sans FIXME) can go to the defcustom...
... and to me, it looks like this is not the most suitable place for this
setting; easiest is to drop it into notmuch-show-insert-part-text/html
so it is in the same context as the shr. Alternative is to put it to
the earlier place in insert-part handling (or later,
i.e. notmuch-mm-display-part-inline )
> + (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))
> + (notmuch-mm-display-part-inline msg part content-type
> + notmuch-show-process-crypto))
> t)
Tomi
>
> ;; Functions for determining how to handle MIME parts.
> --
> 2.2.2
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-01 21:36 ` David Edmondson
@ 2015-02-01 21:42 ` Tomi Ollila
2015-02-01 21:45 ` Tomi Ollila
0 siblings, 1 reply; 16+ messages in thread
From: Tomi Ollila @ 2015-02-01 21:42 UTC (permalink / raw)
To: David Edmondson, Jinwoo Lee, notmuch
On Sun, Feb 01 2015, David Edmondson <dme@dme.org> wrote:
> On Thu, Jan 29 2015, Jinwoo Lee wrote:
>> It's default value is ".", meaning all remote images will be blocked
>> by default.
>>
>> ---
>> This time setting gnus-blocked-images from the correct place.
>
> Looks good - it is better than the code currently in the repository,
> even if it doesn’t address every possible case that we have discussed.
That I can agree with :D
Tomi
>
>> ---
>> emacs/notmuch-show.el | 23 ++++++++++++++++++-----
>> 1 file changed, 18 insertions(+), 5 deletions(-)
>>
>> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
>> index 66350d4..6f38e0c 100644
>> --- a/emacs/notmuch-show.el
>> +++ b/emacs/notmuch-show.el
>> @@ -136,6 +136,11 @@ indentation."
>> :type 'boolean
>> :group 'notmuch-show)
>>
>> +(defcustom notmuch-show-text/html-blocked-images "."
>> + "Remote images that have URLs matching this regexp will be blocked."
>> + :type '(choice (const nil) regexp)
>> + :group 'notmuch-show)
>> +
>> (defvar notmuch-show-thread-id nil)
>> (make-variable-buffer-local 'notmuch-show-thread-id)
>> (put 'notmuch-show-thread-id 'permanent-local t)
>> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot be retrieved."
>> ;; URL-decode it (see RFC 2392).
>> (let ((cid (url-unhex-string url)))
>> (first (notmuch-show--get-cid-content cid)))))
>> - ;; Block all external images to prevent privacy leaks and
>> - ;; potential attacks. FIXME: If we block an image, offer a
>> - ;; button to load external images.
>> - (shr-blocked-images "."))
>> + ;; By default, block all external images to prevent privacy
>> + ;; leaks and potential attacks. FIXME: If we block an image,
>> + ;; offer a button to load external images.
>> + (shr-blocked-images notmuch-show-text/html-blocked-images))
>> (shr-insert-document dom)
>> t))
>>
>> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
>> ;; This handler _must_ succeed - it is the handler of last resort.
>> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
>> +
>> + ;; By default, block all external images to prevent privacy leaks
>> + ;; and potential attacks. FIXME: If we block an image, offer a
>> + ;; button to load external images.
>> + ;; Note that GNUS-BLOCKED-IMAGES is effective only when
>> + ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.
>> + (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))
>> + (notmuch-mm-display-part-inline msg part content-type
>> + notmuch-show-process-crypto))
>> t)
>>
>> ;; Functions for determining how to handle MIME parts.
>> --
>> 2.2.2
>>
>> _______________________________________________
>> notmuch mailing list
>> notmuch@notmuchmail.org
>> http://notmuchmail.org/mailman/listinfo/notmuch
> _______________________________________________
> notmuch mailing list
> notmuch@notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-01 21:42 ` Tomi Ollila
@ 2015-02-01 21:45 ` Tomi Ollila
0 siblings, 0 replies; 16+ messages in thread
From: Tomi Ollila @ 2015-02-01 21:45 UTC (permalink / raw)
To: David Edmondson, Jinwoo Lee, notmuch
On Sun, Feb 01 2015, Tomi Ollila <tomi.ollila@iki.fi> wrote:
> On Sun, Feb 01 2015, David Edmondson <dme@dme.org> wrote:
>
>> On Thu, Jan 29 2015, Jinwoo Lee wrote:
>>> It's default value is ".", meaning all remote images will be blocked
>>> by default.
>>>
>>> ---
>>> This time setting gnus-blocked-images from the correct place.
>>
>> Looks good - it is better than the code currently in the repository,
>> even if it doesn’t address every possible case that we have discussed.
>
> That I can agree with :D
(I mean it protects us better than the code currently in the repo...)
> Tomi
Tomi
>
>>
>>> ---
>>> emacs/notmuch-show.el | 23 ++++++++++++++++++-----
>>> 1 file changed, 18 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
>>> index 66350d4..6f38e0c 100644
>>> --- a/emacs/notmuch-show.el
>>> +++ b/emacs/notmuch-show.el
>>> @@ -136,6 +136,11 @@ indentation."
>>> :type 'boolean
>>> :group 'notmuch-show)
>>>
>>> +(defcustom notmuch-show-text/html-blocked-images "."
>>> + "Remote images that have URLs matching this regexp will be blocked."
>>> + :type '(choice (const nil) regexp)
>>> + :group 'notmuch-show)
>>> +
>>> (defvar notmuch-show-thread-id nil)
>>> (make-variable-buffer-local 'notmuch-show-thread-id)
>>> (put 'notmuch-show-thread-id 'permanent-local t)
>>> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot be retrieved."
>>> ;; URL-decode it (see RFC 2392).
>>> (let ((cid (url-unhex-string url)))
>>> (first (notmuch-show--get-cid-content cid)))))
>>> - ;; Block all external images to prevent privacy leaks and
>>> - ;; potential attacks. FIXME: If we block an image, offer a
>>> - ;; button to load external images.
>>> - (shr-blocked-images "."))
>>> + ;; By default, block all external images to prevent privacy
>>> + ;; leaks and potential attacks. FIXME: If we block an image,
>>> + ;; offer a button to load external images.
>>> + (shr-blocked-images notmuch-show-text/html-blocked-images))
>>> (shr-insert-document dom)
>>> t))
>>>
>>> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
>>> ;; This handler _must_ succeed - it is the handler of last resort.
>>> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
>>> +
>>> + ;; By default, block all external images to prevent privacy leaks
>>> + ;; and potential attacks. FIXME: If we block an image, offer a
>>> + ;; button to load external images.
>>> + ;; Note that GNUS-BLOCKED-IMAGES is effective only when
>>> + ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.
>>> + (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))
>>> + (notmuch-mm-display-part-inline msg part content-type
>>> + notmuch-show-process-crypto))
>>> t)
>>>
>>> ;; Functions for determining how to handle MIME parts.
>>> --
>>> 2.2.2
>>>
>>> _______________________________________________
>>> notmuch mailing list
>>> notmuch@notmuchmail.org
>>> http://notmuchmail.org/mailman/listinfo/notmuch
>> _______________________________________________
>> notmuch mailing list
>> notmuch@notmuchmail.org
>> http://notmuchmail.org/mailman/listinfo/notmuch
^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
@ 2015-02-02 18:54 Jinwoo Lee
2015-02-02 20:32 ` Tomi Ollila
0 siblings, 1 reply; 16+ messages in thread
From: Jinwoo Lee @ 2015-02-02 18:54 UTC (permalink / raw)
To: notmuch
It's default value is ".", meaning all remote images will be blocked
by default.
---
Addressed review comments.
---
emacs/notmuch-show.el | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
index 66350d4..5d939bb 100644
--- a/emacs/notmuch-show.el
+++ b/emacs/notmuch-show.el
@@ -136,6 +136,13 @@ indentation."
:type 'boolean
:group 'notmuch-show)
+;; By default, block all external images to prevent privacy leaks and
+;; potential attacks.
+(defcustom notmuch-show-text/html-blocked-images "."
+ "Remote images that have URLs matching this regexp will be blocked."
+ :type '(choice (const nil) regexp)
+ :group 'notmuch-show)
+
(defvar notmuch-show-thread-id nil)
(make-variable-buffer-local 'notmuch-show-thread-id)
(put 'notmuch-show-thread-id 'permanent-local t)
@@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
;; It's easier to drive shr ourselves than to work around the
;; goofy things `mm-shr' does (like irreversibly taking over
;; content ID handling).
- (notmuch-show--insert-part-text/html-shr msg part)
+
+ ;; FIXME: If we block an image, offer a button to load external
+ ;; images.
+ (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
+ (notmuch-show--insert-part-text/html-shr msg part))
;; Otherwise, let message-mode do the heavy lifting
;;
;; w3m sets up a keymap which "leaks" outside the invisible region
;; and causes strange effects in notmuch. We set
;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
;; set a keymap (so the normal notmuch-show-mode-map remains).
- (let ((mm-inline-text-html-with-w3m-keymap nil))
+ (let ((mm-inline-text-html-with-w3m-keymap nil)
+ ;; FIXME: If we block an image, offer a button to load external
+ ;; images.
+ (gnus-blocked-images notmuch-show-text/html-blocked-images))
(notmuch-show-insert-part-*/* msg part content-type nth depth button))))
;; These functions are used by notmuch-show--insert-part-text/html-shr
@@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."
;; shr strips the "cid:" part of URL, but doesn't
;; URL-decode it (see RFC 2392).
(let ((cid (url-unhex-string url)))
- (first (notmuch-show--get-cid-content cid)))))
- ;; Block all external images to prevent privacy leaks and
- ;; potential attacks. FIXME: If we block an image, offer a
- ;; button to load external images.
- (shr-blocked-images "."))
+ (first (notmuch-show--get-cid-content cid))))))
(shr-insert-document dom)
t))
(defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
;; This handler _must_ succeed - it is the handler of last resort.
- (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
+ (notmuch-mm-display-part-inline msg part content-type
+ notmuch-show-process-crypto)
t)
;; Functions for determining how to handle MIME parts.
--
2.2.2
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-01 21:40 ` Tomi Ollila
@ 2015-02-02 18:59 ` Jinwoo Lee
2015-02-02 22:17 ` David Bremner
0 siblings, 1 reply; 16+ messages in thread
From: Jinwoo Lee @ 2015-02-02 18:59 UTC (permalink / raw)
To: Tomi Ollila, notmuch
Thanks for the review, guys. Sent yet another patch. BTW I'm not sure
if I should specify --in-reply-to when sending updates.
-jinwoo
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-02 18:54 Jinwoo Lee
@ 2015-02-02 20:32 ` Tomi Ollila
2015-02-02 20:41 ` Jinwoo Lee
0 siblings, 1 reply; 16+ messages in thread
From: Tomi Ollila @ 2015-02-02 20:32 UTC (permalink / raw)
To: Jinwoo Lee, notmuch
On Mon, Feb 02 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:
> It's default value is ".", meaning all remote images will be blocked
> by default.
>
> ---
> Addressed review comments.
Ok, looks good to me. David can perhaps amend away the (accidental)
whitespace change in the last hunk ?
Tomi
> ---
> emacs/notmuch-show.el | 27 +++++++++++++++++++--------
> 1 file changed, 19 insertions(+), 8 deletions(-)
>
> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
> index 66350d4..5d939bb 100644
> --- a/emacs/notmuch-show.el
> +++ b/emacs/notmuch-show.el
> @@ -136,6 +136,13 @@ indentation."
> :type 'boolean
> :group 'notmuch-show)
>
> +;; By default, block all external images to prevent privacy leaks and
> +;; potential attacks.
> +(defcustom notmuch-show-text/html-blocked-images "."
> + "Remote images that have URLs matching this regexp will be blocked."
> + :type '(choice (const nil) regexp)
> + :group 'notmuch-show)
> +
> (defvar notmuch-show-thread-id nil)
> (make-variable-buffer-local 'notmuch-show-thread-id)
> (put 'notmuch-show-thread-id 'permanent-local t)
> @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
> ;; It's easier to drive shr ourselves than to work around the
> ;; goofy things `mm-shr' does (like irreversibly taking over
> ;; content ID handling).
> - (notmuch-show--insert-part-text/html-shr msg part)
> +
> + ;; FIXME: If we block an image, offer a button to load external
> + ;; images.
> + (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
> + (notmuch-show--insert-part-text/html-shr msg part))
> ;; Otherwise, let message-mode do the heavy lifting
> ;;
> ;; w3m sets up a keymap which "leaks" outside the invisible region
> ;; and causes strange effects in notmuch. We set
> ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
> ;; set a keymap (so the normal notmuch-show-mode-map remains).
> - (let ((mm-inline-text-html-with-w3m-keymap nil))
> + (let ((mm-inline-text-html-with-w3m-keymap nil)
> + ;; FIXME: If we block an image, offer a button to load external
> + ;; images.
> + (gnus-blocked-images notmuch-show-text/html-blocked-images))
> (notmuch-show-insert-part-*/* msg part content-type nth depth button))))
>
> ;; These functions are used by notmuch-show--insert-part-text/html-shr
> @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."
> ;; shr strips the "cid:" part of URL, but doesn't
> ;; URL-decode it (see RFC 2392).
> (let ((cid (url-unhex-string url)))
> - (first (notmuch-show--get-cid-content cid)))))
> - ;; Block all external images to prevent privacy leaks and
> - ;; potential attacks. FIXME: If we block an image, offer a
> - ;; button to load external images.
> - (shr-blocked-images "."))
> + (first (notmuch-show--get-cid-content cid))))))
> (shr-insert-document dom)
> t))
>
> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
> ;; This handler _must_ succeed - it is the handler of last resort.
> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
> + (notmuch-mm-display-part-inline msg part content-type
> + notmuch-show-process-crypto)
> t)
>
> ;; Functions for determining how to handle MIME parts.
> --
> 2.2.2
>
> _______________________________________________
> notmuch mailing list
> notmuch@notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-02 20:32 ` Tomi Ollila
@ 2015-02-02 20:41 ` Jinwoo Lee
2015-02-02 21:04 ` Jinwoo Lee
0 siblings, 1 reply; 16+ messages in thread
From: Jinwoo Lee @ 2015-02-02 20:41 UTC (permalink / raw)
To: Tomi Ollila, notmuch
On Mon, Feb 2, 2015 at 12:32 PM, Tomi Ollila <tomi.ollila@iki.fi> wrote:
> On Mon, Feb 02 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:
>
>> It's default value is ".", meaning all remote images will be blocked
>> by default.
>>
>> ---
>> Addressed review comments.
>
> Ok, looks good to me. David can perhaps amend away the (accidental)
> whitespace change in the last hunk ?
Ah, sorry about that. I can revert if needed.
>
> Tomi
>
>
>> ---
>> emacs/notmuch-show.el | 27 +++++++++++++++++++--------
>> 1 file changed, 19 insertions(+), 8 deletions(-)
>>
>> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
>> index 66350d4..5d939bb 100644
>> --- a/emacs/notmuch-show.el
>> +++ b/emacs/notmuch-show.el
>> @@ -136,6 +136,13 @@ indentation."
>> :type 'boolean
>> :group 'notmuch-show)
>>
>> +;; By default, block all external images to prevent privacy leaks and
>> +;; potential attacks.
>> +(defcustom notmuch-show-text/html-blocked-images "."
>> + "Remote images that have URLs matching this regexp will be blocked."
>> + :type '(choice (const nil) regexp)
>> + :group 'notmuch-show)
>> +
>> (defvar notmuch-show-thread-id nil)
>> (make-variable-buffer-local 'notmuch-show-thread-id)
>> (put 'notmuch-show-thread-id 'permanent-local t)
>> @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
>> ;; It's easier to drive shr ourselves than to work around the
>> ;; goofy things `mm-shr' does (like irreversibly taking over
>> ;; content ID handling).
>> - (notmuch-show--insert-part-text/html-shr msg part)
>> +
>> + ;; FIXME: If we block an image, offer a button to load external
>> + ;; images.
>> + (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
>> + (notmuch-show--insert-part-text/html-shr msg part))
>> ;; Otherwise, let message-mode do the heavy lifting
>> ;;
>> ;; w3m sets up a keymap which "leaks" outside the invisible region
>> ;; and causes strange effects in notmuch. We set
>> ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
>> ;; set a keymap (so the normal notmuch-show-mode-map remains).
>> - (let ((mm-inline-text-html-with-w3m-keymap nil))
>> + (let ((mm-inline-text-html-with-w3m-keymap nil)
>> + ;; FIXME: If we block an image, offer a button to load external
>> + ;; images.
>> + (gnus-blocked-images notmuch-show-text/html-blocked-images))
>> (notmuch-show-insert-part-*/* msg part content-type nth depth button))))
>>
>> ;; These functions are used by notmuch-show--insert-part-text/html-shr
>> @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."
>> ;; shr strips the "cid:" part of URL, but doesn't
>> ;; URL-decode it (see RFC 2392).
>> (let ((cid (url-unhex-string url)))
>> - (first (notmuch-show--get-cid-content cid)))))
>> - ;; Block all external images to prevent privacy leaks and
>> - ;; potential attacks. FIXME: If we block an image, offer a
>> - ;; button to load external images.
>> - (shr-blocked-images "."))
>> + (first (notmuch-show--get-cid-content cid))))))
>> (shr-insert-document dom)
>> t))
>>
>> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
>> ;; This handler _must_ succeed - it is the handler of last resort.
>> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
>> + (notmuch-mm-display-part-inline msg part content-type
>> + notmuch-show-process-crypto)
>> t)
>>
>> ;; Functions for determining how to handle MIME parts.
>> --
>> 2.2.2
>>
>> _______________________________________________
>> notmuch mailing list
>> notmuch@notmuchmail.org
>> http://notmuchmail.org/mailman/listinfo/notmuch
^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-02 20:41 ` Jinwoo Lee
@ 2015-02-02 21:04 ` Jinwoo Lee
2015-02-02 21:08 ` Jinwoo Lee
0 siblings, 1 reply; 16+ messages in thread
From: Jinwoo Lee @ 2015-02-02 21:04 UTC (permalink / raw)
To: notmuch
It's default value is ".", meaning all remote images will be blocked
by default.
---
Addressed review comments.
---
emacs/notmuch-show.el | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
index 66350d4..f4ad802 100644
--- a/emacs/notmuch-show.el
+++ b/emacs/notmuch-show.el
@@ -136,6 +136,13 @@ indentation."
:type 'boolean
:group 'notmuch-show)
+;; By default, block all external images to prevent privacy leaks and
+;; potential attacks.
+(defcustom notmuch-show-text/html-blocked-images "."
+ "Remote images that have URLs matching this regexp will be blocked."
+ :type '(choice (const nil) regexp)
+ :group 'notmuch-show)
+
(defvar notmuch-show-thread-id nil)
(make-variable-buffer-local 'notmuch-show-thread-id)
(put 'notmuch-show-thread-id 'permanent-local t)
@@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
;; It's easier to drive shr ourselves than to work around the
;; goofy things `mm-shr' does (like irreversibly taking over
;; content ID handling).
- (notmuch-show--insert-part-text/html-shr msg part)
+
+ ;; FIXME: If we block an image, offer a button to load external
+ ;; images.
+ (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
+ (notmuch-show--insert-part-text/html-shr msg part))
;; Otherwise, let message-mode do the heavy lifting
;;
;; w3m sets up a keymap which "leaks" outside the invisible region
;; and causes strange effects in notmuch. We set
;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
;; set a keymap (so the normal notmuch-show-mode-map remains).
- (let ((mm-inline-text-html-with-w3m-keymap nil))
+ (let ((mm-inline-text-html-with-w3m-keymap nil)
+ ;; FIXME: If we block an image, offer a button to load external
+ ;; images.
+ (gnus-blocked-images notmuch-show-text/html-blocked-images))
(notmuch-show-insert-part-*/* msg part content-type nth depth button))))
;; These functions are used by notmuch-show--insert-part-text/html-shr
@@ -797,11 +811,7 @@ will return nil if the CID is unknown or cannot be retrieved."
;; shr strips the "cid:" part of URL, but doesn't
;; URL-decode it (see RFC 2392).
(let ((cid (url-unhex-string url)))
- (first (notmuch-show--get-cid-content cid)))))
- ;; Block all external images to prevent privacy leaks and
- ;; potential attacks. FIXME: If we block an image, offer a
- ;; button to load external images.
- (shr-blocked-images "."))
+ (first (notmuch-show--get-cid-content cid))))))
(shr-insert-document dom)
t))
--
2.2.2
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-02 21:04 ` Jinwoo Lee
@ 2015-02-02 21:08 ` Jinwoo Lee
2015-02-02 22:15 ` David Bremner
0 siblings, 1 reply; 16+ messages in thread
From: Jinwoo Lee @ 2015-02-02 21:08 UTC (permalink / raw)
To: notmuch
And what's the process for checking the code in? I just push to the
repo?
-jinwoo
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-02 21:08 ` Jinwoo Lee
@ 2015-02-02 22:15 ` David Bremner
2015-02-02 22:24 ` Jinwoo Lee
0 siblings, 1 reply; 16+ messages in thread
From: David Bremner @ 2015-02-02 22:15 UTC (permalink / raw)
To: Jinwoo Lee, notmuch
Jinwoo Lee <jinwoo68@gmail.com> writes:
> And what's the process for checking the code in? I just push to the
> repo?
>
> -jinwoo
Hi Jinwoo;
I pushed it. We're pretty miserly with push access, but once you get
through the reviews, getting the code in is quick.
Welcome aboard ;).
d
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-02 18:59 ` Jinwoo Lee
@ 2015-02-02 22:17 ` David Bremner
0 siblings, 0 replies; 16+ messages in thread
From: David Bremner @ 2015-02-02 22:17 UTC (permalink / raw)
To: Jinwoo Lee, Tomi Ollila, notmuch
Jinwoo Lee <jinwoo68@gmail.com> writes:
> Thanks for the review, guys. Sent yet another patch. BTW I'm not sure
> if I should specify --in-reply-to when sending updates.
>
> -jinwoo
It's up to you. I generally specify in-reply-to unless the thread alread
seems too long.
d
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
2015-02-02 22:15 ` David Bremner
@ 2015-02-02 22:24 ` Jinwoo Lee
0 siblings, 0 replies; 16+ messages in thread
From: Jinwoo Lee @ 2015-02-02 22:24 UTC (permalink / raw)
To: David Bremner, notmuch
On Mon, Feb 2, 2015 at 02:15 PM, David Bremner <david@tethera.net> wrote:
> Jinwoo Lee <jinwoo68@gmail.com> writes:
>
>> And what's the process for checking the code in? I just push to the
>> repo?
>>
>> -jinwoo
>
> Hi Jinwoo;
>
> I pushed it. We're pretty miserly with push access, but once you get
> through the reviews, getting the code in is quick.
Great.
>
> Welcome aboard ;).
Thanks! Hope I can contribute more soon.
>
> d
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2015-02-02 22:24 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-01-29 21:35 [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images Jinwoo Lee
2015-01-31 0:10 ` Jinwoo Lee
2015-02-01 21:36 ` David Edmondson
2015-02-01 21:42 ` Tomi Ollila
2015-02-01 21:45 ` Tomi Ollila
2015-02-01 21:40 ` Tomi Ollila
2015-02-02 18:59 ` Jinwoo Lee
2015-02-02 22:17 ` David Bremner
-- strict thread matches above, loose matches on Subject: below --
2015-02-02 18:54 Jinwoo Lee
2015-02-02 20:32 ` Tomi Ollila
2015-02-02 20:41 ` Jinwoo Lee
2015-02-02 21:04 ` Jinwoo Lee
2015-02-02 21:08 ` Jinwoo Lee
2015-02-02 22:15 ` David Bremner
2015-02-02 22:24 ` Jinwoo Lee
2015-01-29 17:28 Jinwoo Lee
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).