GNU bug report logs - #74218
[PATCH] Ask confirmation before sending region to search engine.

Previous Next

Full log

View this message in rfc822 format

From: Fabio Natali <me <at> fabionatali.com>
To: 74218 <at> debbugs.gnu.org
Cc: Fabio Natali <me <at> fabionatali.com>
Subject: bug#74218: [PATCH] Ask confirmation before sending region to search engine.
Date: Wed,  6 Nov 2024 00:46:46 +0000

* lisp/net/eww.el (eww-search-confirm-send-region,
eww-search-words): With 'eww-search-words' (by default bound to 'M-s
M-w') a user can type in some search terms and get back the results
of a web search from a predefined search engine. If a region is
selected, 'eww-search-words' will use that for the web search
instead of prompting the user.

In its current form, 'eww-search-words' presents a security and
usability problem. It is relatively too easy to mistakenly launch
the function and, if a region of text is selected, have potentially
sensitive data sent out to a third-party service.

This commit changes the search function's default behaviour so that
explicit confirmation is required before a region is sent to a
search engine. The behaviour can be adjusted via the
newly-introduced 'eww-search-confirm-send-region' variable, which is
set to true by default.
---
Hiya,

This is to change the default behaviour of the 'eww-search-words' function. The
provided commit message provides some context around why I think the change is
necessary.

I tentatively marked 'eww-search-confirm-send-region' as introduced in 30.0. Let
me know if and when you think it makes sense to merge this and therefore whether
30.0 should be changed to any later number.

I hope the commit looks alright but should any change be needed, please just let
me know. This is my first commit to Emacs - any feedback is more than welcome!

Thanks, best wishes, Fabio.


 lisp/net/eww.el | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/lisp/net/eww.el b/lisp/net/eww.el
index 2d351dff88f..8f503757f68 100644
--- a/lisp/net/eww.el
+++ b/lisp/net/eww.el
@@ -52,6 +52,15 @@
   :group 'eww
   :type 'string)
 
+(defcustom eww-search-confirm-send-region t
+  "Non-nil if Emacs should confirm sending the selected region to
+the configured search engine.  This is the default to mitigate the
+risk of accidental data leak.  Set this variable to nil to send
+the region to the search engine straightaway."
+  :version "30.0"
+  :group 'eww
+  :type 'boolean)
+
 (defcustom eww-search-prefix "https://duckduckgo.com/html/?q="
   "Prefix URL to search engine."
   :version "24.4"
@@ -603,10 +612,15 @@ user for a search string.  See the variable `eww-search-prefix'
 for the search engine used."
   (interactive)
   (if (use-region-p)
-      (let ((region-string (buffer-substring (region-beginning) (region-end))))
-        (if (not (string-match-p "\\`[ \n\t\r\v\f]*\\'" region-string))
-            (eww region-string)
-          (call-interactively #'eww)))
+      (when (or (not eww-search-confirm-send-region)
+                (yes-or-no-p
+                 (format-message
+                  "Send region to the configured search engine? ")))
+        (let ((region-string (buffer-substring (region-beginning)
+                                               (region-end))))
+          (if (not (string-match-p "\\`[ \n\t\r\v\f]*\\'" region-string))
+              (eww region-string)
+            (call-interactively #'eww))))
     (call-interactively #'eww)))
 
 (defun eww--open-url-in-new-buffer (url)
-- 
2.46.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.