From: bug#79373 <79373@debbugs.gnu.org>
To: bug#79373 <79373@debbugs.gnu.org>
Subject: Status: [PATCH] Mark EWW buffers as untrusted
Reply-To: bug#79373 <79373@debbugs.gnu.org>
Date: Sat, 13 Sep 2025 20:42:36 +0000

retitle 79373 [PATCH] Mark EWW buffers as untrusted
reassign 79373 emacs
submitter 79373 Steven Allen
severity 79373 normal
tag 79373 patch
thanks

From: Steven Allen
To: bug-gnu-emacs@gnu.org
Subject: [PATCH] Mark EWW buffers as untrusted
Date: Tue, 02 Sep 2025 14:02:37 -0700
Message-ID: <87jz2gr2j6.fsf@stebalien.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Tags: patch

This patch marks EWW buffers as untrusted. This helps protect users if they:

1. Open a file via EWW.
2. Switch to a different major mode for better highlighting/rendering.

I often do this myself when viewing org, markdown, emacs lisp, etc. files with EWW.

In GNU Emacs 31.0.50 (build 1, x86_64-pc-linux-gnu, cairo version 1.18.4)
 of 2025-09-01 built on Laptop
Repository revision: 102dab0280dc14b5eb180ee13ee3b771bdce973c
Repository branch: makepkg
Windowing system distributor 'The X.Org Foundation', version 11.0.12101018
System Description: Arch Linux

Configured using:
 'configure
 'CPPFLAGS=-I/run/user/1000/build/emacs-git/src/mps-git/build/include '
 'LDFLAGS=-L/run/user/1000/build/emacs-git/src/mps-git/build/lib -Wl,-O1
 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now
 -Wl,-z,pack-relative-relocs -flto=auto' --prefix=/usr --sysconfdir=/etc
 --libexecdir=/usr/lib --localstatedir=/var --mandir=/usr/share/man
 --with-gameuser=:games --with-modules --without-m17n-flt
 --without-selinux --without-pop --without-gconf --disable-gc-mark-trace
 --with-mps=yes --enable-autodepend --enable-link-time-optimization
 --with-native-compilation=yes --with-xinput2 --with-x-toolkit=no
 --without-toolkit-scroll-bars --without-xaw3d --without-gsettings
 --with-cairo-xcb --without-xft --with-sound=no --with-tree-sitter
 --without-gpm --without-compress-install
 '--program-transform-name=s/\([ec]tags\)/\1.emacs/'
 'CFLAGS=-march=native -mtune=native -O3 -pipe -fno-plt -fexceptions
 -Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security
 -fstack-clash-protection -fcf-protection -fomit-frame-pointer
 -fno-math-errno -fno-trapping-math -Os -fno-math-errno
 -fno-trapping-math -Os -flto=auto''

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-Mark-EWW-buffers-as-untrusted.patch

>From ef423545a94b5ba1651f7a477fa205c13905973c Mon Sep 17 00:00:00 2001
From: Steven Allen Date: Tue, 2 Sep 2025 13:56:46 -0700 Subject: [PATCH] Mark EWW buffers as untrusted EWW itself doesn't care about this flag but it protects users in case they open a file via EWW then switch to a different mode (`untrusted-content' is permanently local). * lisp/net/eww.el (eww-mode): Mark EWW buffers as untrusted. --- lisp/net/eww.el | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lisp/net/eww.el b/lisp/net/eww.el index 6f06302cb3f..cc67db08460 100644 --- a/lisp/net/eww.el +++ b/lisp/net/eww.el @@ -1482,6 +1482,9 @@ eww-mode outline-level 'shr-outline-level) (add-hook 'post-command-hook #'eww-check-text-conversion nil t) (setq buffer-read-only t) + ;; Mark this buffer as untrusted in case the user switches to another + ;; mode (e.g., `emacs-lisp-mode') where this flag matters. + (setq untrusted-content t) ;; Insertion at the first character of a field should inherit the ;; field's face, form and field, not the previous character's. (setq text-property-default-nonsticky '((face . t) (eww-form . t) -- 2.51.0 --=-=-=--
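
Review bot: The comment added above `(setq untrusted-content t)` in the `eww-mode` hunk says the flag matters after a switch to another mode but not why it survives that switch; the commit message's point that `untrusted-content' is permanently local belongs in the code comment too, since a reader would otherwise expect the new major mode to reset the variable. The flag is also set unconditionally for every EWW buffer, so content the user opened from their own files is treated as untrusted after a mode switch as well; if that is intended, state it in the comment. The diffstat shows only `lisp/net/eww.el` changed, so the user-visible effect (features that consult this flag behaving differently in buffers that started in EWW) is not documented anywhere outside the source; consider adding a short documentation note alongside the change.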