Bug 4630 - Fancy loads remote images when remote content is disabled
Summary: Fancy loads remote images when remote content is disabled
Status: RESOLVED FIXED
Alias: None
Product: Claws Mail
Classification: Unclassified
Component: Plugins/Fancy (show other bugs)
Version: 4.1.0
Hardware: PC Linux
: P3 major
Assignee: users
URL:
Depends on:
Blocks:
 
Reported: 2022-09-27 13:05 UTC by Shai Berger
Modified: 2022-10-19 16:55 UTC (History)
1 user (show)

See Also:

Attachments
An email with an HTML part with remote images (58.27 KB, message/rfc822)
2022-09-27 13:05 UTC, Shai Berger 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Shai Berger 2022-09-27 13:05:23 UTC 
Created attachment 2302 [details]
An email with an HTML part with remote images

Hello,

In my configuration, I set for the Fancy plugin:

"Enable loading of remote content": Off
"Display embedded images": On

Or, in clawsrc:

[fancy]
enable_images=1
enable_remote_content=0

But I see that Fancy does load remote images. That is, when I open the HTML part in the mail, remote images are loaded automatically, with no need for any further interaction on my part.

(I marked this issue as "major" because it looks like a privacy/security issue, I apologize if this is incorrect)
(Issue 4361 looks related but it is about another plugin)

Attaching a message where this manifests for completeness, but I believe these are common enough...
Comment 1 Paul 2022-09-27 13:39:46 UTC 
This is a change outside of the plugin.
Comment 2 Michael Rasmussen 2022-09-27 14:21:16 UTC 
Comment on attachment 2302 [details]
An email with an HTML part with remote images

You have this configured: "Display embedded images": On

This means that if all images are embedded they will be loaded.
Comment 3 Paul 2022-09-27 15:37:31 UTC 
On this system, since webkit2gtk3 2.38.0 (it seems) this problem has arisen. Loading an html part now prints on the console:

** (claws-mail:3178): CRITICAL **: 12:39:13.883: void webkit_website_data_manager_set_network_proxy_settings(WebKitWebsiteDataManager*, WebKitNetworkProxyMode, WebKitNetworkProxySettings*): assertion '(proxyMode != WEBKIT_NETWORK_PROXY_MODE_CUSTOM && !proxySettings) || (proxyMode == WEBKIT_NETWORK_PROXY_MODE_CUSTOM && proxySettings)' failed


So it seems that the proxy cheat to block remote content is no longer working.
It seems that we now need to do this:

 * Connect to WebKitWebExtension::page-created signal
 * Get the WebKitWebPage and connect to WebKitWebPage::send-request signal
 * Return TRUE to block the request
Comment 4 Paul 2022-09-27 15:45:46 UTC 
Definitely not related to bug #4361, though.
Comment 5 Michael Rasmussen 2022-09-27 15:50:21 UTC 
(In reply to Paul from comment #4)
Didn't someone from the webkit team for some time ago explained exactly the same as you? He explained our current solution was using deprecated features in webkit?
Comment 6 Paul 2022-09-27 15:55:49 UTC 
Yes, I was contacted directly, and passed on this info to the devel ml. Unfortunately, that time is now upon us.

Patches welcome.
Comment 7 Paul 2022-09-27 17:20:08 UTC 
(In reply to Michael Rasmussen from comment #5)

BTW, it's not that our solution was using deprecated features, it's just that our solution was using webkit proxy is a way that it was never intended to be used, and this misuse is now no longer giving the result we acquired.
Comment 8 Paul 2022-10-19 16:55:21 UTC 
fixed in git.
Note You need to log in before you can comment on or make changes to this bug.