From: Jinwoo Lee <jinwoo68@gmail.com>
To: Tomi Ollila <tomi.ollila@iki.fi>, notmuch@notmuchmail.org
Subject: Re: [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.
Date: Mon, 02 Feb 2015 12:41:31 -0800 [thread overview]
Message-ID: <yq65lhkgqc5g.fsf@jinwoo-macbookair.roam.corp.google.com> (raw)
In-Reply-To: <m27fw0awc3.fsf@guru.guru-group.fi>
On Mon, Feb 2, 2015 at 12:32 PM, Tomi Ollila <tomi.ollila@iki.fi> wrote:
> On Mon, Feb 02 2015, Jinwoo Lee <jinwoo68@gmail.com> wrote:
>
>> It's default value is ".", meaning all remote images will be blocked
>> by default.
>>
>> ---
>> Addressed review comments.
>
> Ok, looks good to me. David can perhaps amend away the (accidental)
> whitespace change in the last hunk ?
Ah, sorry about that. I can revert if needed.
>
> Tomi
>
>
>> ---
>> emacs/notmuch-show.el | 27 +++++++++++++++++++--------
>> 1 file changed, 19 insertions(+), 8 deletions(-)
>>
>> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
>> index 66350d4..5d939bb 100644
>> --- a/emacs/notmuch-show.el
>> +++ b/emacs/notmuch-show.el
>> @@ -136,6 +136,13 @@ indentation."
>> :type 'boolean
>> :group 'notmuch-show)
>>
>> +;; By default, block all external images to prevent privacy leaks and
>> +;; potential attacks.
>> +(defcustom notmuch-show-text/html-blocked-images "."
>> + "Remote images that have URLs matching this regexp will be blocked."
>> + :type '(choice (const nil) regexp)
>> + :group 'notmuch-show)
>> +
>> (defvar notmuch-show-thread-id nil)
>> (make-variable-buffer-local 'notmuch-show-thread-id)
>> (put 'notmuch-show-thread-id 'permanent-local t)
>> @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved."
>> ;; It's easier to drive shr ourselves than to work around the
>> ;; goofy things `mm-shr' does (like irreversibly taking over
>> ;; content ID handling).
>> - (notmuch-show--insert-part-text/html-shr msg part)
>> +
>> + ;; FIXME: If we block an image, offer a button to load external
>> + ;; images.
>> + (let ((shr-blocked-images notmuch-show-text/html-blocked-images))
>> + (notmuch-show--insert-part-text/html-shr msg part))
>> ;; Otherwise, let message-mode do the heavy lifting
>> ;;
>> ;; w3m sets up a keymap which "leaks" outside the invisible region
>> ;; and causes strange effects in notmuch. We set
>> ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to
>> ;; set a keymap (so the normal notmuch-show-mode-map remains).
>> - (let ((mm-inline-text-html-with-w3m-keymap nil))
>> + (let ((mm-inline-text-html-with-w3m-keymap nil)
>> + ;; FIXME: If we block an image, offer a button to load external
>> + ;; images.
>> + (gnus-blocked-images notmuch-show-text/html-blocked-images))
>> (notmuch-show-insert-part-*/* msg part content-type nth depth button))))
>>
>> ;; These functions are used by notmuch-show--insert-part-text/html-shr
>> @@ -797,17 +811,14 @@ will return nil if the CID is unknown or cannot be retrieved."
>> ;; shr strips the "cid:" part of URL, but doesn't
>> ;; URL-decode it (see RFC 2392).
>> (let ((cid (url-unhex-string url)))
>> - (first (notmuch-show--get-cid-content cid)))))
>> - ;; Block all external images to prevent privacy leaks and
>> - ;; potential attacks. FIXME: If we block an image, offer a
>> - ;; button to load external images.
>> - (shr-blocked-images "."))
>> + (first (notmuch-show--get-cid-content cid))))))
>> (shr-insert-document dom)
>> t))
>>
>> (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
>> ;; This handler _must_ succeed - it is the handler of last resort.
>> - (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
>> + (notmuch-mm-display-part-inline msg part content-type
>> + notmuch-show-process-crypto)
>> t)
>>
>> ;; Functions for determining how to handle MIME parts.
>> --
>> 2.2.2
>>
>> _______________________________________________
>> notmuch mailing list
>> notmuch@notmuchmail.org
>> http://notmuchmail.org/mailman/listinfo/notmuch
next prev parent reply other threads:[~2015-02-02 20:41 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-02 18:54 [PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images Jinwoo Lee
2015-02-02 20:32 ` Tomi Ollila
2015-02-02 20:41 ` Jinwoo Lee [this message]
2015-02-02 21:04 ` Jinwoo Lee
2015-02-02 21:08 ` Jinwoo Lee
2015-02-02 22:15 ` David Bremner
2015-02-02 22:24 ` Jinwoo Lee
-- strict thread matches above, loose matches on Subject: below --
2015-01-29 21:35 Jinwoo Lee
2015-01-31 0:10 ` Jinwoo Lee
2015-02-01 21:36 ` David Edmondson
2015-02-01 21:42 ` Tomi Ollila
2015-02-01 21:45 ` Tomi Ollila
2015-02-01 21:40 ` Tomi Ollila
2015-02-02 18:59 ` Jinwoo Lee
2015-02-02 22:17 ` David Bremner
2015-01-29 17:28 Jinwoo Lee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=yq65lhkgqc5g.fsf@jinwoo-macbookair.roam.corp.google.com \
--to=jinwoo68@gmail.com \
--cc=notmuch@notmuchmail.org \
--cc=tomi.ollila@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).