diff options
| author | Jinwoo Lee <jinwoo68@gmail.com> | 2015-02-02 13:04:52 -0800 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2015-02-02 23:07:01 +0100 |
| commit | 2049205e091a8c4dc89fb831dee7e9bb4fb06c15 (patch) | |
| tree | 5d5a1e25f57ce9910bbee011f9dabad05bec98ab | |
| parent | b74ed1cfad09f578e7c05ca5676d9d3d8c512a5e (diff) | |
emacs: Add a defcustom that specifies regexp for blocked remote images.
It's default value is ".", meaning all remote images will be blocked
by default.
| -rw-r--r-- | emacs/notmuch-show.el | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el index 66350d43..f4ad8029 100644 --- a/emacs/notmuch-show.el +++ b/emacs/notmuch-show.el @@ -136,6 +136,13 @@ indentation." :type 'boolean :group 'notmuch-show) +;; By default, block all external images to prevent privacy leaks and +;; potential attacks. +(defcustom notmuch-show-text/html-blocked-images "." + "Remote images that have URLs matching this regexp will be blocked." + :type '(choice (const nil) regexp) + :group 'notmuch-show) + (defvar notmuch-show-thread-id nil) (make-variable-buffer-local 'notmuch-show-thread-id) (put 'notmuch-show-thread-id 'permanent-local t) @@ -771,14 +778,21 @@ will return nil if the CID is unknown or cannot be retrieved." ;; It's easier to drive shr ourselves than to work around the ;; goofy things `mm-shr' does (like irreversibly taking over ;; content ID handling). - (notmuch-show--insert-part-text/html-shr msg part) + + ;; FIXME: If we block an image, offer a button to load external + ;; images. + (let ((shr-blocked-images notmuch-show-text/html-blocked-images)) + (notmuch-show--insert-part-text/html-shr msg part)) ;; Otherwise, let message-mode do the heavy lifting ;; ;; w3m sets up a keymap which "leaks" outside the invisible region ;; and causes strange effects in notmuch. We set ;; mm-inline-text-html-with-w3m-keymap to nil to tell w3m not to ;; set a keymap (so the normal notmuch-show-mode-map remains). - (let ((mm-inline-text-html-with-w3m-keymap nil)) + (let ((mm-inline-text-html-with-w3m-keymap nil) + ;; FIXME: If we block an image, offer a button to load external + ;; images. + (gnus-blocked-images notmuch-show-text/html-blocked-images)) (notmuch-show-insert-part-*/* msg part content-type nth depth button)))) ;; These functions are used by notmuch-show--insert-part-text/html-shr @@ -797,11 +811,7 @@ will return nil if the CID is unknown or cannot be retrieved." ;; shr strips the "cid:" part of URL, but doesn't ;; URL-decode it (see RFC 2392). (let ((cid (url-unhex-string url))) - (first (notmuch-show--get-cid-content cid))))) - ;; Block all external images to prevent privacy leaks and - ;; potential attacks. FIXME: If we block an image, offer a - ;; button to load external images. - (shr-blocked-images ".")) + (first (notmuch-show--get-cid-content cid)))))) (shr-insert-document dom) t)) |