plugins/viewhtml: add opt-in query param to load remote resources

Loading remote resources by default has privacy implications.
author: Simon Ser <[email protected]> 2020-02-25 16:13:10 +0100
committer: Simon Ser <[email protected]> 2020-02-25 16:13:10 +0100
commit: b3f98de1da11e13dea5c08af4f80520258c120cf (patch)
tree: b3a4443b307b222fce6c0d40daf4d2032c14002c /plugins/viewhtml/sanitize.go
parent: a8a3c82579ac244dde56320224f6bd15f17427f7 (diff)
download: alps-b3f98de1da11e13dea5c08af4f80520258c120cf.tar.gz
alps-b3f98de1da11e13dea5c08af4f80520258c120cf.tar.bz2
alps-b3f98de1da11e13dea5c08af4f80520258c120cf.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/plugins/viewhtml/sanitize.go b/plugins/viewhtml/sanitize.go
index a931fe1..ba2aca9 100644
--- a/plugins/viewhtml/sanitize.go
+++ b/plugins/viewhtml/sanitize.go
@@ -71,7 +71,9 @@ var allowedStyles = map[string]bool{
 }
 
 type sanitizer struct {
-	msg *koushinbase.IMAPMessage
+	msg                  *koushinbase.IMAPMessage
+	allowRemoteResources bool
+	hasRemoteResources   bool
 }
 
 func (san *sanitizer) sanitizeImageURL(src string) string {
@@ -94,7 +96,9 @@ func (san *sanitizer) sanitizeImageURL(src string) string {
 
 		return part.URL(true).String()
 	case "https":
-		if !proxyEnabled {
+		san.hasRemoteResources = true
+
+		if !proxyEnabled || !san.allowRemoteResources {
 			return "about:blank"
 		}
author	Simon Ser <[email protected]>	2020-02-25 16:13:10 +0100
committer	Simon Ser <[email protected]>	2020-02-25 16:13:10 +0100
commit	b3f98de1da11e13dea5c08af4f80520258c120cf (patch)
tree	b3a4443b307b222fce6c0d40daf4d2032c14002c /plugins/viewhtml/sanitize.go
parent	a8a3c82579ac244dde56320224f6bd15f17427f7 (diff)
download	alps-b3f98de1da11e13dea5c08af4f80520258c120cf.tar.gz alps-b3f98de1da11e13dea5c08af4f80520258c120cf.tar.bz2 alps-b3f98de1da11e13dea5c08af4f80520258c120cf.zip