GNU bug report logs - #74218
[PATCH] Ask confirmation before sending region to search engine.

Previous Next

Package: emacs;

Reported by: Fabio Natali <me <at> fabionatali.com>

Date: Wed, 6 Nov 2024 00:57:02 UTC

Severity: normal

Tags: patch

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Fabio Natali <me <at> fabionatali.com>
Subject: bug#74218: closed (Re: bug#74218: [PATCH] Ask confirmation before
 sending region to search engine.)
Date: Sat, 21 Dec 2024 09:00:03 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#74218: [PATCH] Ask confirmation before sending region to search engine.

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 74218 <at> debbugs.gnu.org.

-- 
74218: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=74218
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Eli Zaretskii <eliz <at> gnu.org>
To: Fabio Natali <me <at> fabionatali.com>
Cc: rpluim <at> gmail.com, 74218-done <at> debbugs.gnu.org, me <at> eshelyaron.com,
 stefankangas <at> gmail.com
Subject: Re: bug#74218: [PATCH] Ask confirmation before sending region to
 search engine.
Date: Sat, 21 Dec 2024 10:58:57 +0200

> From: Fabio Natali <me <at> fabionatali.com>
> Cc: rpluim <at> gmail.com, me <at> eshelyaron.com, 74218 <at> debbugs.gnu.org,
>  stefankangas <at> gmail.com
> Date: Wed, 18 Dec 2024 17:51:24 +0000
> 
> On 2024-12-04, 13:08 +0000, Fabio Natali <me <at> fabionatali.com> wrote:
> > On 2024-11-30, 12:48 +0200, Eli Zaretskii <eliz <at> gnu.org> wrote:
> >> The latest patch LGTM, but your legal paperwork of copyright
> >> assignment is not yet complete, is it? So we are waiting for it to be
> >> completed, and will install at that time.
> 
> (No rush, but I wanted to share that the copyright assignment process
> has now been completed, as confirmed to me by the FSF
> copyright-clerk <at> fsf.org. Cheers, Fabio.)

Thanks, I've now installed the changes on the master branch, and I'm
closing this bug.


[Message part 3 (message/rfc822, inline)]
From: Fabio Natali <me <at> fabionatali.com>
To: bug-gnu-emacs <at> gnu.org
Cc: Fabio Natali <me <at> fabionatali.com>
Subject: [PATCH] Ask confirmation before sending region to search engine.
Date: Wed,  6 Nov 2024 00:46:46 +0000

* lisp/net/eww.el (eww-search-confirm-send-region,
eww-search-words): With 'eww-search-words' (by default bound to 'M-s
M-w') a user can type in some search terms and get back the results
of a web search from a predefined search engine. If a region is
selected, 'eww-search-words' will use that for the web search
instead of prompting the user.

In its current form, 'eww-search-words' presents a security and
usability problem. It is relatively too easy to mistakenly launch
the function and, if a region of text is selected, have potentially
sensitive data sent out to a third-party service.

This commit changes the search function's default behaviour so that
explicit confirmation is required before a region is sent to a
search engine. The behaviour can be adjusted via the
newly-introduced 'eww-search-confirm-send-region' variable, which is
set to true by default.
---
Hiya,

This is to change the default behaviour of the 'eww-search-words' function. The
provided commit message provides some context around why I think the change is
necessary.

I tentatively marked 'eww-search-confirm-send-region' as introduced in 30.0. Let
me know if and when you think it makes sense to merge this and therefore whether
30.0 should be changed to any later number.

I hope the commit looks alright but should any change be needed, please just let
me know. This is my first commit to Emacs - any feedback is more than welcome!

Thanks, best wishes, Fabio.


 lisp/net/eww.el | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/lisp/net/eww.el b/lisp/net/eww.el
index 2d351dff88f..8f503757f68 100644
--- a/lisp/net/eww.el
+++ b/lisp/net/eww.el
@@ -52,6 +52,15 @@
   :group 'eww
   :type 'string)
 
+(defcustom eww-search-confirm-send-region t
+  "Non-nil if Emacs should confirm sending the selected region to
+the configured search engine.  This is the default to mitigate the
+risk of accidental data leak.  Set this variable to nil to send
+the region to the search engine straightaway."
+  :version "30.0"
+  :group 'eww
+  :type 'boolean)
+
 (defcustom eww-search-prefix "https://duckduckgo.com/html/?q="
   "Prefix URL to search engine."
   :version "24.4"
@@ -603,10 +612,15 @@ user for a search string.  See the variable `eww-search-prefix'
 for the search engine used."
   (interactive)
   (if (use-region-p)
-      (let ((region-string (buffer-substring (region-beginning) (region-end))))
-        (if (not (string-match-p "\\`[ \n\t\r\v\f]*\\'" region-string))
-            (eww region-string)
-          (call-interactively #'eww)))
+      (when (or (not eww-search-confirm-send-region)
+                (yes-or-no-p
+                 (format-message
+                  "Send region to the configured search engine? ")))
+        (let ((region-string (buffer-substring (region-beginning)
+                                               (region-end))))
+          (if (not (string-match-p "\\`[ \n\t\r\v\f]*\\'" region-string))
+              (eww region-string)
+            (call-interactively #'eww))))
     (call-interactively #'eww)))
 
 (defun eww--open-url-in-new-buffer (url)
-- 
2.46.0
This bug report was last modified 208 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.