emacs
/
mu
mirror of https://github.com/djcb/mu.git
1
0
Fork 0
Code Issues Releases Wiki Activity

mu4e: mention privacy aspects of browser 

Mention the privacy aspects of opening a message in a browser, and what
to do about it.
This commit is contained in:
djcb 2016-03-15 06:40:21 +02:00
parent 6dd3d60402
commit c041ca39ed
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
mu4e/mu4e-actions.el
View File

@ -87,13 +87,15 @@ return the filename."
(defun mu4e-action-view-in-browser (msg)
"View the body of the message in a browser.
You can influence the browser to use with the variable
`browse-url-generic-program'."
`browse-url-generic-program', and see the discussion of privacy
aspects in `(mu4e) Displaying rich-text messages'."
(browse-url (concat "file://"
(mu4e~write-body-to-html msg))))
(defun mu4e-action-view-with-xwidget (msg)
"View the body of the message inside xwidget-webkit. This is
only available in emacs 25+."
only available in emacs 25+; also see the discussion of privacy
aspects in `(mu4e) Displaying rich-text messages'."
(unless (fboundp 'xwidget-webkit-browse-url)
(mu4e-error "No xwidget support available"))
(xwidget-webkit-browse-url

14
mu4e/mu4e.texi
View File

@ -1319,7 +1319,6 @@ If your emacs does not have @t{shr} yet, it can be useful to use a
custom method. For that, you can set the variable
@code{mu4e-html2text-command} to either a shell command or a function
instead.
@subsection Html2text commands
@ -1359,6 +1358,17 @@ If @code{mu4e-html2text-command} refers to an elisp function, it is
expected to take the current buffer in html as input, and transform it
into text (just like the @code{html2text} function).
@subsection Privacy aspects
@anchor{Privacy aspects}
When opening your messages in a graphical browser, it may expose you
doing so to the sender, due to the presence of specially crafted image
URLs, or Javascript.
If that is an issue, it is recommended to use a browser (or browser
profile) that does not load images. The same applies to Javascript.
@node MSGV Crypto
@section Crypto
@ -3693,7 +3703,7 @@ defined for this. Simply add to your configuration:
@end lisp
Now, when viewing such a difficult message, type @kbd{aV}, and the message
opens inside a webbrowser. You can influence the browser with
@code{browse-url-generic-program}.
@code{browse-url-generic-program}; and see @ref{Privacy aspects}.
@item @emph{How can read encrypted messages that I sent?}. Since you do not own the
recipient's key you typically cannot read those mails - so the trick is
to encrypt outgoing mails with your key, too. This can be automated by