[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

Re: emacs-w3m and vm

emacs user wrote:
hi all,
When reading my email with gnu emacs 23.1, vm and emacs-w3m from cvs, I encounter the following problem. when reading an html mail, I would like to have an external browser be invoked when I press enter or middle-mouse on one of the links that appears in the email. so I defined (set (make-local-variable 'w3m-goto-article-function) vm-url-browser)) however, when I do this, after clicking a link I get a message that this link is considered to be unsafe, use the prefix arg to view anyway.
after using a prefix arg, I get:
are you really sure you want to follow this link ... (yes or no)
I would like to eliminate these warning messages and currently the only way I found is to set(setq vm-w3m-safe-url-regexp nil)
but presumably this is not a good idea for safety reasons. can anyone suggest a different approach for solving this problem?

If I may add some more information, the variable vm-w3m-safe-url-regexp is just used to initialize w3m-safe-url-regexp.  This is from the interface file vm-w3m.el based on the original version by Katsumi Yamaoka.  The documentation of the variable reproduced below, seems to imply that this has effect for only embedded images.

Indeed, the current version W3M 1.4.4 seems to work this way.  It blocks downloading images other than via the 'cid' URL's, but it allows http URL's to be followed normally.  However, the development version of W3M obtained via CVS, is not working this way.  It is blocking *all* URL's other than 'cid' (for both images and http).  We are not sure if this _new_ behavior is a bug or a feature.

Uday Reddy
VM Development Team


vm-w3m-safe-url-regexp is a variable defined in `vm-w3m.el'.
Its value is "\\`cid:"

Regexp matching URLs which are considered to be safe.
Some HTML mails might contain a nasty trick used by spammers, using
the <img> tag which is far more evil than the [Click Here!] button.
It is most likely intended to check whether the ominous spam mail has
reached your eyes or not, in which case the spammer knows for sure
that your email address is valid.  It is done by embedding an
identifier string into a URL that you might automatically retrieve
when displaying the image.  The default value is "\\`cid:" which only
matches parts embedded to the Multipart/Related type MIME contents and
VM will never connect to the spammer's site arbitrarily.  You may set
this variable to nil if you consider all urls to be safe.