emacs-diffs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

master 31f3a760c50 1/2: Ask confirmation before EWW sends region to a se

From: Eli Zaretskii
Subject: master 31f3a760c50 1/2: Ask confirmation before EWW sends region to a search engine
Date: Sat, 21 Dec 2024 03:58:19 -0500 (EST) 
branch: master
commit 31f3a760c504e76ae06805e5cc5c325b06e4a9ad
Author: Fabio Natali <me@fabionatali.com>
Commit: Eli Zaretskii <eliz@gnu.org>

    Ask confirmation before EWW sends region to a search engine
    
    With 'eww-search-words' (by default bound to 'M-s M-w') a user
    can type in some search terms and get back the results of a web
    search from a predefined search engine.  If a region is selected,
    'eww-search-words' will use that for the web search instead of
    prompting the user.
    In its current form, 'eww-search-words' presents a security and
    usability problem.  It is relatively too easy to mistakenly
    launch the function and, if a region of text is selected, have
    potentially sensitive data sent out to a third-party service.
    This commit changes the search function's default behaviour so
    that explicit confirmation is required before a region is sent
    to a search engine.  The behaviour can be adjusted via the
    newly-introduced 'eww-search-confirm-send-region' variable,
    which is set to true by default.
    * lisp/net/eww.el (eww-search-confirm-send-region): Add.
    (eww-search-words): Update default 'eww-search-words' behaviour
    so as to ask confirmation before sending the region to a search
    engine.  (Bug#74218)
---
 lisp/net/eww.el | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/lisp/net/eww.el b/lisp/net/eww.el
index 9b4bbca2e3e..319b1e72fbb 100644
--- a/lisp/net/eww.el
+++ b/lisp/net/eww.el
@@ -52,6 +52,17 @@
   :group 'eww
   :type 'string)
 
+(defcustom eww-search-confirm-send-region t
+  "Whether to confirm before sending a region to a search engine.
+Non-nil if EWW should ask confirmation before sending the
+selected region to the configured search engine.  This is the
+default to mitigate the risk of accidental data leak.  Set this
+variable to nil to send the region to the search engine
+straightaway."
+  :version "31.1"
+  :group 'eww
+  :type 'boolean)
+
 (defcustom eww-search-prefix "https://duckduckgo.com/html/?q=";
   "Prefix URL to search engine."
   :version "24.4"
@@ -605,7 +616,12 @@ for the search engine used."
   (if (use-region-p)
       (let ((region-string (buffer-substring (region-beginning) (region-end))))
         (if (not (string-match-p "\\`[ \n\t\r\v\f]*\\'" region-string))
-            (eww region-string)
+            (when
+                (or (not eww-search-confirm-send-region)
+                    (yes-or-no-p
+                     (format-message
+                      "Really send the entire region to the search engine? ")))
+              (eww region-string))
           (call-interactively #'eww)))
     (call-interactively #'eww)))
reply via email to
[Prev in Thread] Current Thread [Next in Thread]