--- Begin Message ---
|
Subject: |
[PATCH] Ask confirmation before sending region to search engine. |
|
Date: |
Wed, 6 Nov 2024 00:46:46 +0000 |
* lisp/net/eww.el (eww-search-confirm-send-region,
eww-search-words): With 'eww-search-words' (by default bound to 'M-s
M-w') a user can type in some search terms and get back the results
of a web search from a predefined search engine. If a region is
selected, 'eww-search-words' will use that for the web search
instead of prompting the user.
In its current form, 'eww-search-words' presents a security and
usability problem. It is relatively too easy to mistakenly launch
the function and, if a region of text is selected, have potentially
sensitive data sent out to a third-party service.
This commit changes the search function's default behaviour so that
explicit confirmation is required before a region is sent to a
search engine. The behaviour can be adjusted via the
newly-introduced 'eww-search-confirm-send-region' variable, which is
set to true by default.
---
Hiya,
This is to change the default behaviour of the 'eww-search-words' function. The
provided commit message provides some context around why I think the change is
necessary.
I tentatively marked 'eww-search-confirm-send-region' as introduced in 30.0. Let
me know if and when you think it makes sense to merge this and therefore whether
30.0 should be changed to any later number.
I hope the commit looks alright but should any change be needed, please just let
me know. This is my first commit to Emacs - any feedback is more than welcome!
Thanks, best wishes, Fabio.
lisp/net/eww.el | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/lisp/net/eww.el b/lisp/net/eww.el
index 2d351dff88f..8f503757f68 100644
--- a/lisp/net/eww.el
+++ b/lisp/net/eww.el
@@ -52,6 +52,15 @@
:group 'eww
:type 'string)
+(defcustom eww-search-confirm-send-region t
+ "Non-nil if Emacs should confirm sending the selected region to
+the configured search engine. This is the default to mitigate the
+risk of accidental data leak. Set this variable to nil to send
+the region to the search engine straightaway."
+ :version "30.0"
+ :group 'eww
+ :type 'boolean)
+
(defcustom eww-search-prefix "https://duckduckgo.com/html/?q=";
"Prefix URL to search engine."
:version "24.4"
@@ -603,10 +612,15 @@ user for a search string. See the variable
`eww-search-prefix'
for the search engine used."
(interactive)
(if (use-region-p)
- (let ((region-string (buffer-substring (region-beginning) (region-end))))
- (if (not (string-match-p "\\`[ \n\t\r\v\f]*\\'" region-string))
- (eww region-string)
- (call-interactively #'eww)))
+ (when (or (not eww-search-confirm-send-region)
+ (yes-or-no-p
+ (format-message
+ "Send region to the configured search engine? ")))
+ (let ((region-string (buffer-substring (region-beginning)
+ (region-end))))
+ (if (not (string-match-p "\\`[ \n\t\r\v\f]*\\'" region-string))
+ (eww region-string)
+ (call-interactively #'eww))))
(call-interactively #'eww)))
(defun eww--open-url-in-new-buffer (url)
--
2.46.0
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: bug#74218: [PATCH] Ask confirmation before sending region to search engine. |
|
Date: |
Sat, 21 Dec 2024 10:58:57 +0200 |
> From: Fabio Natali <me@fabionatali.com>
> Cc: rpluim@gmail.com, me@eshelyaron.com, 74218@debbugs.gnu.org,
> stefankangas@gmail.com
> Date: Wed, 18 Dec 2024 17:51:24 +0000
>
> On 2024-12-04, 13:08 +0000, Fabio Natali <me@fabionatali.com> wrote:
> > On 2024-11-30, 12:48 +0200, Eli Zaretskii <eliz@gnu.org> wrote:
> >> The latest patch LGTM, but your legal paperwork of copyright
> >> assignment is not yet complete, is it? So we are waiting for it to be
> >> completed, and will install at that time.
>
> (No rush, but I wanted to share that the copyright assignment process
> has now been completed, as confirmed to me by the FSF
> copyright-clerk@fsf.org. Cheers, Fabio.)
Thanks, I've now installed the changes on the master branch, and I'm
closing this bug.
--- End Message ---