[PATCH] emacs: Add a defcustom that specifies regexp for blocked remote images.

Tomi Ollila tomi.ollila at iki.fi
Sun Feb 1 13:40:52 PST 2015


On Thu, Jan 29 2015, Jinwoo Lee <jinwoo68 at gmail.com> wrote:

> It's default value is ".", meaning all remote images will be blocked
> by default.
>
> ---
> This time setting gnus-blocked-images from the correct place.
> ---
>  emacs/notmuch-show.el | 23 ++++++++++++++++++-----
>  1 file changed, 18 insertions(+), 5 deletions(-)
>
> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
> index 66350d4..6f38e0c 100644
> --- a/emacs/notmuch-show.el
> +++ b/emacs/notmuch-show.el
> @@ -136,6 +136,11 @@ indentation."
>    :type 'boolean
>    :group 'notmuch-show)
>  
> +(defcustom notmuch-show-text/html-blocked-images "."
> +  "Remote images that have URLs matching this regexp will be blocked."
> +  :type '(choice (const nil) regexp)
> +  :group 'notmuch-show)
> +
>  (defvar notmuch-show-thread-id nil)
>  (make-variable-buffer-local 'notmuch-show-thread-id)
>  (put 'notmuch-show-thread-id 'permanent-local t)
> @@ -798,16 +803,24 @@ will return nil if the CID is unknown or cannot be retrieved."
>  	   ;; URL-decode it (see RFC 2392).
>  	   (let ((cid (url-unhex-string url)))
>  	     (first (notmuch-show--get-cid-content cid)))))
> -	;; Block all external images to prevent privacy leaks and
> -	;; potential attacks.  FIXME: If we block an image, offer a
> -	;; button to load external images.
> -	(shr-blocked-images "."))
> +	;; By default, block all external images to prevent privacy
> +	;; leaks and potential attacks.  FIXME: If we block an image,
> +	;; offer a button to load external images.

This comment looks little weird; maybe the "Block all external images to
prevent privacy leaks and potential attacks." part could be moved to
the defcustom part and leave the FIXME part here 

> +	(shr-blocked-images notmuch-show-text/html-blocked-images))
>      (shr-insert-document dom)
>      t))
>  
>  (defun notmuch-show-insert-part-*/* (msg part content-type nth depth button)
>    ;; This handler _must_ succeed - it is the handler of last resort.
> -  (notmuch-mm-display-part-inline msg part content-type notmuch-show-process-crypto)
> +
> +  ;; By default, block all external images to prevent privacy leaks
> +  ;; and potential attacks.  FIXME: If we block an image, offer a
> +  ;; button to load external images.
> +  ;; Note that GNUS-BLOCKED-IMAGES is effective only when
> +  ;; MM-TEXT-HTML-RENDERER is 'gnus-w3m.

This last statement should be dropped unless we know for sure that this
is exact -- and rest (sans FIXME) can go to the defcustom...

... and to me, it looks like this is not the most suitable place for this
setting; easiest is to drop it into  notmuch-show-insert-part-text/html
so it is in the same context as the shr. Alternative is to put it to
the earlier place in insert-part handling (or later,
i.e. notmuch-mm-display-part-inline )

> +  (let ((gnus-blocked-images notmuch-show-text/html-blocked-images))
> +    (notmuch-mm-display-part-inline msg part content-type
> +				    notmuch-show-process-crypto))
>    t)

Tomi

>  
>  ;; Functions for determining how to handle MIME parts.
> -- 
> 2.2.2


More information about the notmuch mailing list