Link considered unsafe

Link considered unsafe

[Stefan Hübner]

Hi all,

whenever I'm trying to browse URLs found in articles, Gnus complains
"This link is considered unsafe...". I couldn't find any hints about
this feature and how to turn it off. Can anybody help me with a pointer
to some documentation or other resource?

Thanks,
Stefan

Re: Link considered unsafe

[Reiner Steib]

On Thu, May 28 2009, Stefan Hübner wrote:

> whenever I'm trying to browse URLs found in articles, Gnus complains
> "This link is considered unsafe...". I couldn't find any hints about
> this feature and how to turn it off. 

That is because it is not Gnus that complains - at least I never heard
of this and I couldn't find this string in the Gnus sources (nor in
Emacs).

> Can anybody help me with a pointer to some documentation or other
> resource?

Does it happen with HTML or text mails. 

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Link considered unsafe

[Richard Riley]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> On Thu, May 28 2009, Stefan Hübner wrote:
>
>> whenever I'm trying to browse URLs found in articles, Gnus complains
>> "This link is considered unsafe...". I couldn't find any hints about
>> this feature and how to turn it off. 
>
> That is because it is not Gnus that complains - at least I never heard
> of this and I couldn't find this string in the Gnus sources (nor in
> Emacs).
>
>> Can anybody help me with a pointer to some documentation or other
>> resource?
>
> Does it happen with HTML or text mails. 
>
> Bye, Reiner.

It's w3m that complains I think.

Try

`mm-w3m-safe-url-regexp

Re: Link considered unsafe

[David Engster]

Reiner Steib <reinersteib+gmane@imap.cc> writes:
> On Thu, May 28 2009, Stefan Hübner wrote:
>
>> whenever I'm trying to browse URLs found in articles, Gnus complains
>> "This link is considered unsafe...". I couldn't find any hints about
>> this feature and how to turn it off. 
>
> That is because it is not Gnus that complains - at least I never heard
> of this and I couldn't find this string in the Gnus sources (nor in
> Emacs).

I know this message from emacs-w3m. Frobbing the variables
w3m-safe-url-regexp and mm-w3m-safe-url-regexp should help.

-David

Re: Link considered unsafe

[Stefan Hübner]

Richard Riley <rileyrgdev@googlemail.com> writes:

> Reiner Steib <reinersteib+gmane@imap.cc> writes:
>
>> On Thu, May 28 2009, Stefan Hübner wrote:
>>
>>> whenever I'm trying to browse URLs found in articles, Gnus complains
>>> "This link is considered unsafe...". I couldn't find any hints about
>>> this feature and how to turn it off. 
>>
>> That is because it is not Gnus that complains - at least I never heard
>> of this and I couldn't find this string in the Gnus sources (nor in
>> Emacs).
>>
>>> Can anybody help me with a pointer to some documentation or other
>>> resource?
>>
>> Does it happen with HTML or text mails. 
>>
>> Bye, Reiner.
>
> It's w3m that complains I think.

Yes, you're right. I'm using w3m - forgot to mention, sorry.

> Try
>
> `mm-w3m-safe-url-regexp

Thanks!

-Stefan

Re: Link considered unsafe

[Stefan Hübner]

David Engster <deng@randomsample.de> writes:

> Reiner Steib <reinersteib+gmane@imap.cc> writes:
>> On Thu, May 28 2009, Stefan Hübner wrote:
>>
>>> whenever I'm trying to browse URLs found in articles, Gnus complains
>>> "This link is considered unsafe...". I couldn't find any hints about
>>> this feature and how to turn it off. 
>>
>> That is because it is not Gnus that complains - at least I never heard
>> of this and I couldn't find this string in the Gnus sources (nor in
>> Emacs).
>
> I know this message from emacs-w3m. Frobbing the variables
> w3m-safe-url-regexp and mm-w3m-safe-url-regexp should help.

thanks for your hints!

-Stefan

Re: Link considered unsafe

[Ted Zlatanov]

On Thu, 28 May 2009 21:48:14 +0200 David Engster <deng@randomsample.de> wrote: 

DE> Reiner Steib <reinersteib+gmane@imap.cc> writes:
>> On Thu, May 28 2009, Stefan Hübner wrote:
>> 
>>> whenever I'm trying to browse URLs found in articles, Gnus complains
>>> "This link is considered unsafe...". I couldn't find any hints about
>>> this feature and how to turn it off. 
>> 
>> That is because it is not Gnus that complains - at least I never heard
>> of this and I couldn't find this string in the Gnus sources (nor in
>> Emacs).

DE> I know this message from emacs-w3m. Frobbing the variables
DE> w3m-safe-url-regexp and mm-w3m-safe-url-regexp should help.

The variable names are confusing, since they actually match unsafe
URLs.  Maybe we should have mm-w3m-dangerous-url-regexp and in w3m, the
corresponding w3m-dangerous-url-regexp?

Ted

Re: Link considered unsafe

[Paul Mead]

Ted Zlatanov <tzz@lifelogs.com> writes:

> On Thu, 28 May 2009 21:48:14 +0200 David Engster <deng@randomsample.de> wrote: 
>
> DE> Reiner Steib <reinersteib+gmane@imap.cc> writes:
>>> On Thu, May 28 2009, Stefan Hübner wrote:
>>> 
>>>> whenever I'm trying to browse URLs found in articles, Gnus complains
>>>> "This link is considered unsafe...". I couldn't find any hints about
>>>> this feature and how to turn it off. 
>>> 
>>> That is because it is not Gnus that complains - at least I never heard
>>> of this and I couldn't find this string in the Gnus sources (nor in
>>> Emacs).
>
> DE> I know this message from emacs-w3m. Frobbing the variables
> DE> w3m-safe-url-regexp and mm-w3m-safe-url-regexp should help.
>
> The variable names are confusing, since they actually match unsafe
> URLs.  Maybe we should have mm-w3m-dangerous-url-regexp and in w3m, the
> corresponding w3m-dangerous-url-regexp?
>
> Ted
I've been having trouble with this since upgrading to emacs v23. I'm
sharing exactly the same config on v22 and urls open without complaint.

Hmm, come to think of it, my problem with stuck messages only happens on
the v23 machine too...

Paul

Re: Link considered unsafe

[Reiner Steib]

On Wed, Jul 08 2009, Paul Mead wrote:

> Ted Zlatanov <tzz@lifelogs.com> writes:
>> David Engster <deng@randomsample.de> wrote: 
>> DE> I know this message from emacs-w3m. Frobbing the variables
>> DE> w3m-safe-url-regexp and mm-w3m-safe-url-regexp should help.
>>
>> The variable names are confusing, since they actually match unsafe
>> URLs.  

Huh?  Please elaborate.

>> Maybe we should have mm-w3m-dangerous-url-regexp and in w3m, the
>> corresponding w3m-dangerous-url-regexp?
>>
>> Ted
> I've been having trouble with this since upgrading to emacs v23. I'm
> sharing exactly the same config on v22 and urls open without complaint.

Which Gnus version do you run with Emacs 22? (see the variable
`gnus-version').

> Hmm, come to think of it, my problem with stuck messages only happens on
> the v23 machine too...

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Link considered unsafe

[Ted Zlatanov]

On Wed, 08 Jul 2009 21:17:15 +0200 Reiner Steib <reinersteib+gmane@imap.cc> wrote: 

>> Ted Zlatanov <tzz@lifelogs.com> writes:
>>> David Engster <deng@randomsample.de> wrote: 
DE> I know this message from emacs-w3m. Frobbing the variables
DE> w3m-safe-url-regexp and mm-w3m-safe-url-regexp should help.
>>> 
>>> The variable names are confusing, since they actually match unsafe
>>> URLs.  

RS> Huh?  Please elaborate.

You have to set mm-w3m-safe-url-regexp to match unsafe things which will
not be rendered; set it to nil and you get everything.  What's "safe,"
the underlying algorithm or the data we're filtering out or the data
we're keeping?

Ted

Re: Link considered unsafe

[Paul Mead]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

>
> Which Gnus version do you run with Emacs 22? (see the variable
> `gnus-version').
>
>> Hmm, come to think of it, my problem with stuck messages only happens on
>> the v23 machine too...
>
> Bye, Reiner.
Hi Reiner

I've got Gnus v5.11 on emacs 22 and v5.13 on emacs 23.

Thanks
Paul

Re: Link considered unsafe

[Paul Mead]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> Which Gnus version do you run with Emacs 22? (see the variable
> `gnus-version').
>
> Bye, Reiner.
Hi, can I give this thread a bump? I still have the problem with having
to provide a prefix arg, even though the value of w3m-safe-url-regexp is
set to nil.

Any ideas?
Thanks
Paul

Re: Link considered unsafe

[Ted Zlatanov]

On Tue, 28 Jul 2009 16:52:30 +0100 Paul Mead <paul.d.mead@gmail.com> wrote: 

PM> Reiner Steib <reinersteib+gmane@imap.cc> writes:
>> Which Gnus version do you run with Emacs 22? (see the variable
>> `gnus-version').
>> 
>> Bye, Reiner.
PM> Hi, can I give this thread a bump? I still have the problem with having
PM> to provide a prefix arg, even though the value of w3m-safe-url-regexp is
PM> set to nil.

Can you try this?  It's what I use.  I think it overrides w3m-safe-url-regexp.

(setq mm-w3m-safe-url-regexp nil)

Ted

Re: Link considered unsafe

[Paul Mead]

Ted Zlatanov <tzz@lifelogs.com> writes:

>
> Can you try this?  It's what I use.  I think it overrides w3m-safe-url-regexp.
>
> (setq mm-w3m-safe-url-regexp nil)
>
> Ted

Hi Ted

well, I'm a little mystified but that seems to have worked! I'm
mystified because I checked the value of that variable too and according
to the help it was already set to nil.

Strange, but I'm not complaining, just glad it works! Thanks for
helping me out.

Paul

Re: Link considered unsafe

[Reiner Steib]

On Wed, Jul 29 2009, Paul Mead wrote:

> well, I'm a little mystified but that seems to have worked! I'm
> mystified because I checked the value of that variable too and according
> to the help it was already set to nil.

Where?

,----[ (info "(emacs-mime)Display Customization") ]
| `mm-w3m-safe-url-regexp'
|      A regular expression that matches safe URL names, i.e. URLs that
|      are unlikely to leak personal information when rendering HTML
|      email (the default value is `\\`cid:').  If `nil' consider all
|      URLs safe.
`----

> Strange, but I'm not complaining, just glad it works!

Keep in mind that it is unsafe!

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Link considered unsafe

[Paul Mead]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

>
>> well, I'm a little mystified but that seems to have worked! I'm
>> mystified because I checked the value of that variable too and according
>> to the help it was already set to nil.
>
> Where?
>
> ,----[ (info "(emacs-mime)Display Customization") ]
> | `mm-w3m-safe-url-regexp'
> |      A regular expression that matches safe URL names, i.e. URLs that
> |      are unlikely to leak personal information when rendering HTML
> |      email (the default value is `\\`cid:').  If `nil' consider all
> |      URLs safe.
> `----

I used C-h v mm-w3m-safe-url-regexp RET. It said that current value was nil.

>
>> Strange, but I'm not complaining, just glad it works!
>
> Keep in mind that it is unsafe!
>
...sure, but I can make that decision before clicking a link though,
can't I?

Re: Link considered unsafe

[Ted Zlatanov]

On Thu, 30 Jul 2009 06:16:50 +0100 Paul Mead <paul.d.mead@gmail.com> wrote: 

PM> Reiner Steib <reinersteib+gmane@imap.cc> writes:
>> ,----[ (info "(emacs-mime)Display Customization") ]
>> | `mm-w3m-safe-url-regexp'
>> |      A regular expression that matches safe URL names, i.e. URLs that
>> |      are unlikely to leak personal information when rendering HTML
>> |      email (the default value is `\\`cid:').  If `nil' consider all
>> |      URLs safe.
>> `----

>> Keep in mind that it is unsafe!
>> 
PM> ...sure, but I can make that decision before clicking a link though,
PM> can't I?

Actually I was wondering why it is unsafe to visit links in w3m.  If
anything, w3m is the safest web browser I use daily, much better than
IE, Firefox, Chrome, Opera, or Safari because it doesn't even attempt to
run JavaScript.  What personal information is this talking about?  Is it
"trackback" links that notify the document author that you've looked at
their document?  If so, the word "unsafe" is probably too strong, I'd
call them "dubious" and stop there.  

In any case, this is basic functionality that users should not have to
enable.  In addition it's not easy to configure this.  What am I, the
user, supposed to put in it?  I think it's unfair to expect the user to
configure such minutae.

Ted

Re: Link considered unsafe

[ky]

>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote:
[...]
> Actually I was wondering why it is unsafe to visit links in w3m.  If
> anything, w3m is the safest web browser I use daily, much better than
> IE, Firefox, Chrome, Opera, or Safari because it doesn't even attempt to
> run JavaScript.  What personal information is this talking about?
[...]

We considered image tags, that will be accessed without clicking
those links.  By special letters laid in the url, spammers will
know that your mail address is reachable.

Re: Link considered unsafe

[Katsumi Yamaoka]

>>>>> Ted Zlatanov wrote:
> On Thu, 30 Jul 2009 16:03:39 -0700 (PDT) ky <yamaoka@jpl.org> wrote:

>>>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote:
k> [...]
>>> Actually I was wondering why it is unsafe to visit links in w3m.  If
>>> anything, w3m is the safest web browser I use daily, much better than
>>> IE, Firefox, Chrome, Opera, or Safari because it doesn't even attempt to
>>> run JavaScript.  What personal information is this talking about?
k> [...]

k> We considered image tags, that will be accessed without clicking
k> those links.  By special letters laid in the url, spammers will
k> know that your mail address is reachable.

> The problems are:

> 1) all image links are disabled because of this small improvement in security

> 2) it's impossible to configure by a regular user, and (I would argue)
> very hard even by an expert, with a regex.

> I thought about it, and have some suggestions:

> - always allow image links in RSS (nnrss should set it, or mm-w3m-*
>   should be aware it's inside a nnrss article buffer)

Maybe the groups can be controllable.  For example:

(defcustom mm-w3m-safe-groups "\\`nnrss[+:]"
  "Groups in which html articles are considered all safe.
The value may be a regexp matching those groups, a list of group names,
or nil.  This overrides `mm-w3m-safe-url-regexp'.")

That looks good and easy to implement, though I have no time for
the moment.

> - allow a 'ask option so the user can build a whitelist of approved
>   servers, and save that whitelist

> - allow image links if the headers or spam.el say it's not spam

> I don't know what's the right approach, but I hope you will consider my
> suggestions.

> Ted

BTW, don't all you know the way to access unsafe links?  That is
`C-u RET' on links in html articles.

Regards,

P.S. I'm going to go to the business trip, so I may not have time
to read news for some time.

Re: Link considered unsafe

[Ted Zlatanov]

On Tue, 04 Aug 2009 19:58:40 +0900 Katsumi Yamaoka <yamaoka@jpl.org> wrote: 

>>>>>> Ted Zlatanov wrote:
>> - always allow image links in RSS (nnrss should set it, or mm-w3m-*
>> should be aware it's inside a nnrss article buffer)

KY> Maybe the groups can be controllable.  For example:

KY> (defcustom mm-w3m-safe-groups "\\`nnrss[+:]"
KY>   "Groups in which html articles are considered all safe.
KY> The value may be a regexp matching those groups, a list of group names,
KY> or nil.  This overrides `mm-w3m-safe-url-regexp'.")

KY> That looks good and easy to implement, though I have no time for
KY> the moment.

I think that's reasonable.  Looks like mm-decode.el and mm-view.el need
to be modified.  If no one else is interested I'll put it on my TODO list.

KY> BTW, don't all you know the way to access unsafe links?  That is
KY> `C-u RET' on links in html articles.

The problem is that calling the link "unsafe" scares the user.
Furthermore, demanding different (RET vs C-u RET) keyboard actions from
the user requires a mental context switch that distracts from the actual
goal (visiting the link).

Ted

Re: Link considered unsafe

[Katsumi Yamaoka]

[-- Attachment #1: Type: text/plain, Size: 1831 bytes --]

>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote:
> On Tue, 04 Aug 2009 19:58:40 +0900 Katsumi Yamaoka <yamaoka@jpl.org> wrote:

KY> Maybe the groups can be controllable.  For example:

KY> (defcustom mm-w3m-safe-groups "\\`nnrss[+:]"
KY>   "Groups in which html articles are considered all safe.
KY> The value may be a regexp matching those groups, a list of group names,
KY> or nil.  This overrides `mm-w3m-safe-url-regexp'.")

> I think that's reasonable.  Looks like mm-decode.el and mm-view.el need
> to be modified.  If no one else is interested I'll put it on my TODO list.

I thought making mm-*.el modules depend on Gnus (i.e., referring
to Gnus' variables like `gnus-newsgroup-name') is a wrong approach
because not only Gnus but also MH-E uses them.  So I changed it
into the Gnus variable as follows:

(defcustom gnus-safe-html-groups "\\`nnrss[+:]"
  "Groups in which links in html articles are considered all safe.
The value may be a regexp matching those groups, a list of group names,
or nil.  This overrides `mm-w3m-safe-url-regexp' (which see).  This is
effective only when emacs-w3m renders html articles, i.e., in the case
`mm-text-html-renderer' is set to `w3m'."
  :version "23.2"
  :group 'gnus-group-various
  :type '(choice regexp
		 (repeat :tag "List of group names" (string :tag "Group"))
		 (const nil)))

The patch that uses it is below.  There I made no change in mm-*.el
modules.  What do you think about the option name and the macro name?

KY> BTW, don't all you know the way to access unsafe links?  That is
KY> `C-u RET' on links in html articles.

> The problem is that calling the link "unsafe" scares the user.
> Furthermore, demanding different (RET vs C-u RET) keyboard actions from
> the user requires a mental context switch that distracts from the actual
> goal (visiting the link).

I see.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 3206 bytes --]

--- gnus-group.el~	2009-07-10 11:55:43 +0000
+++ gnus-group.el	2009-08-10 11:31:28 +0000
@@ -110,6 +110,17 @@
   :group 'gnus-group-listing
   :type '(choice regexp (const nil)))
 
+(defcustom gnus-safe-html-groups "\\`nnrss[+:]"
+  "Groups in which links in html articles are considered all safe.
+The value may be a regexp matching those groups, a list of group names,
+or nil.  This overrides `mm-w3m-safe-url-regexp' (which see).  This is
+effective only when emacs-w3m renders html articles, i.e., in the case
+`mm-text-html-renderer' is set to `w3m'."
+  :group 'gnus-group-various
+  :type '(choice regexp
+		 (repeat :tag "List of group names" (string :tag "Group"))
+		 (const nil)))
+
 (defcustom gnus-list-groups-with-ticked-articles t
   "*If non-nil, list groups that have only ticked articles.
 If nil, only list groups that have unread articles."
--- gnus-art.el~	2009-07-23 23:54:28 +0000
+++ gnus-art.el	2009-08-10 11:31:28 +0000
@@ -4740,6 +4740,17 @@
 		(vector (caddr c) (car c) :active t))
 	      gnus-mime-button-commands)))
 
+(defmacro gnus-bind-safe-url-regexp (&rest body)
+  "Bind `mm-w3m-safe-url-regexp' according to `gnus-safe-html-groups'."
+  `(let ((mm-w3m-safe-url-regexp
+	  (if (cond ((stringp gnus-safe-html-groups)
+		     (string-match gnus-safe-html-groups gnus-newsgroup-name))
+		    ((consp gnus-safe-html-groups)
+		     (member gnus-newsgroup-name gnus-safe-html-groups)))
+	      nil
+	    mm-w3m-safe-url-regexp)))
+     ,@body))
+
 (defun gnus-mime-button-menu (event prefix)
  "Construct a context-sensitive menu of MIME commands."
  (interactive "e\nP")
@@ -4765,7 +4776,7 @@
 	(or (search-forward "\n\n") (goto-char (point-max)))
 	(let ((inhibit-read-only t))
 	  (delete-region (point) (point-max))
-	  (mm-display-parts handles))))))
+	  (gnus-bind-safe-url-regexp (mm-display-parts handles)))))))
 
 (defun gnus-article-jump-to-part (n)
   "Jump to MIME part N."
@@ -5267,7 +5278,7 @@
       (when handle
 	(if (mm-handle-undisplayer handle)
 	    (mm-remove-part handle)
-	  (mm-display-part handle))))))
+	  (gnus-bind-safe-url-regexp (mm-display-part handle)))))))
 
 (defun gnus-mime-action-on-part (&optional action)
   "Do something with the MIME attachment at \(point\)."
@@ -5488,7 +5499,7 @@
 		    (save-restriction
 		      (narrow-to-region (point)
 					(if (eobp) (point) (1+ (point))))
-		      (mm-display-part handle)
+		      (gnus-bind-safe-url-regexp (mm-display-part handle))
 		      ;; We narrow to the part itself and
 		      ;; then call the treatment functions.
 		      (goto-char (point-min))
@@ -5767,7 +5778,7 @@
 				       (set-buffer gnus-summary-buffer)
 				     (error))
 				   gnus-newsgroup-ignored-charsets)))
-	      (mm-display-part handle t))
+	      (gnus-bind-safe-url-regexp (mm-display-part handle t)))
 	    (goto-char (point-max)))
 	   ((and text not-attachment)
 	    (when move
@@ -5903,7 +5914,7 @@
 		  (mail-parse-ignored-charsets
 		   (with-current-buffer gnus-summary-buffer
 		     gnus-newsgroup-ignored-charsets)))
-	      (mm-display-part preferred)
+	      (gnus-bind-safe-url-regexp (mm-display-part preferred))
 	      ;; Do highlighting.
 	      (save-excursion
 		(save-restriction

[-- Attachment #3: Type: text/plain, Size: 161 bytes --]

_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
http://lists.gnu.org/mailman/listinfo/info-gnus-english

Re: Link considered unsafe

[Ted Zlatanov]

On Mon, 10 Aug 2009 20:35:03 +0900 Katsumi Yamaoka <yamaoka@jpl.org> wrote: 

...
KY> The patch that uses it is below.  There I made no change in mm-*.el
KY> modules.  What do you think about the option name and the macro name?

I think that's wonderful, and the default is exactly what it should be
(nnrss groups only).  Thank you for taking the time to work on it.

Ted

Re: Link considered unsafe

[Katsumi Yamaoka]

>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote:

> On Mon, 10 Aug 2009 20:35:03 +0900 Katsumi Yamaoka <yamaoka@jpl.org> wrote:

> ...
KY> The patch that uses it is below.  There I made no change in mm-*.el
KY> modules.  What do you think about the option name and the macro name?

> I think that's wonderful, and the default is exactly what it should be
> (nnrss groups only).  Thank you for taking the time to work on it.

Installed in the Gnus trunk.  I've changed the option name
`gnus-safe-html-groups' into `gnus-safe-html-newsgroups' since
the `-groups' suffix seems to be used for variables concerning
group parameters.