branch: elpa/hyperdrive
commit 1e9b892e87979d3da5e9a1f04d0255a620500214
Merge: 541eeafdf9 ba7c8c6c58
Author: Joseph Turner <jos...@ushin.org>
Commit: Joseph Turner <jos...@ushin.org>
Add hyperdrive-mark-as-safe command
---
CHANGELOG.org | 3 ++-
doc/hyperdrive.org | 24 ++++++++++++++++--------
doc/hyperdrive.texi | 27 +++++++++++++++++++--------
hyperdrive-lib.el | 6 +++---
hyperdrive-menu.el | 12 ++++++++++++
hyperdrive.el | 45 +++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 97 insertions(+), 20 deletions(-)
diff --git a/CHANGELOG.org b/CHANGELOG.org
index d4f6d9e636..35e2d28cdf 100644
--- a/CHANGELOG.org
+++ b/CHANGELOG.org
@@ -13,7 +13,8 @@ installation with ~M-x hyperdrive-install~, and a faster
directory UI!
- By default, don't automatically load major mode when browsing
hyperdrive files. To enable this behavior for certain trusted
- hyperdrives, see user option ~h/safe-hyperdrives~.
+ hyperdrives, mark them as "safe" with ~M-x hyperdrive-mark-as-safe~,
+ which is also bound in ~hyperdrive-menu~ and the hyperdrive menu bar.
** Added
diff --git a/doc/hyperdrive.org b/doc/hyperdrive.org
index 4cd10f8ceb..5a8e70ce05 100644
--- a/doc/hyperdrive.org
+++ b/doc/hyperdrive.org
@@ -319,15 +319,11 @@ default:
Jump to the parent hyperdrive directory from a hyperdrive file or
directory buffer. This command remaps the global ~dired-jump~ keybinding.
-The following customization options affect how files are displayed:
-
-- User Option: hyperdrive-safe-hyperdrives ::
+For security reasons, ~hyperdrive.el~ does not enable major modes based
+on file extension unless the hyperdrive has been marked as "safe" with
+~M-x hyperdrive-mark-as-safe~ (see [[*Mark a hyperdrive as safe]]).
- List of hyperdrive public keys to be considered safe. When a
- hyperdrive is considered safe, browsing files within it will cause a
- major code to automatically load, running code that could
- potentially cause harm on your system. Please be careful when
- adding a trusted public key to this list.
+The following customization options affect how files are displayed:
- User Option: hyperdrive-render-html ::
@@ -700,6 +696,18 @@ The following keybindings are available in
~hyperdrive-mirror-mode~:
Fold or unfold the section at point.
+** Mark a hyperdrive as safe
+
+For security reasons, ~hyperdrive.el~ does not enable major modes based
+on file extension unless the hyperdrive has been marked as "safe."
+
+- Command: hyperdrive-mark-as-safe ::
+
+ Mark a hyperdrive as "safe," which will cause major modes to be
+ automatically be enabled based on file extension when opening files
+ within that hyperdrive. Files in hyperdrives which are "not safe"
+ (the default) are opened in ~fundamental-mode~.
+
** Purge a hyperdrive
*Data which has been purged from your local machine may still be
diff --git a/doc/hyperdrive.texi b/doc/hyperdrive.texi
index 8c8042be08..04d14fb3e0 100644
--- a/doc/hyperdrive.texi
+++ b/doc/hyperdrive.texi
@@ -91,6 +91,7 @@ Usage
* Stream audio and video::
* Download hyperdrive files::
* Upload files from your filesystem::
+* Mark a hyperdrive as safe::
* Purge a hyperdrive::
* Non-interactive use::
* Org-transclusion integration::
@@ -292,6 +293,7 @@ On the network it still may be there.
* Stream audio and video::
* Download hyperdrive files::
* Upload files from your filesystem::
+* Mark a hyperdrive as safe::
* Purge a hyperdrive::
* Non-interactive use::
* Org-transclusion integration::
@@ -564,15 +566,11 @@ Jump to the parent hyperdrive directory from a hyperdrive
file or
directory buffer. This command remaps the global @code{dired-jump} keybinding.
@end table
-The following customization options affect how files are displayed:
+For security reasons, @code{hyperdrive.el} does not enable major modes based
+on file extension unless the hyperdrive has been marked as ``safe'' with
+@code{M-x hyperdrive-mark-as-safe} (see @ref{Mark a hyperdrive as safe}).
-@defopt hyperdrive-safe-hyperdrives
-List of hyperdrive public keys to be considered safe. When a
-hyperdrive is considered safe, browsing files within it will cause a
-major code to automatically load, running code that could
-potentially cause harm on your system. Please be careful when
-adding a trusted public key to this list.
-@end defopt
+The following customization options affect how files are displayed:
@defopt hyperdrive-render-html
Control how HTML hyperdrive files are displayed. By default, HTML
@@ -1011,6 +1009,19 @@ Upload all of the files in the ``To Upload'' section.
Fold or unfold the section at point.
@end table
+@node Mark a hyperdrive as safe
+@section Mark a hyperdrive as safe
+
+For security reasons, @code{hyperdrive.el} does not enable major modes based
+on file extension unless the hyperdrive has been marked as ``safe.''
+
+@deffn Command hyperdrive-mark-as-safe
+Mark a hyperdrive as ``safe,'' which will cause major modes to be
+automatically be enabled based on file extension when opening files
+within that hyperdrive. Files in hyperdrives which are ``not safe''
+(the default) are opened in @code{fundamental-mode}.
+@end deffn
+
@node Purge a hyperdrive
@section Purge a hyperdrive
diff --git a/hyperdrive-lib.el b/hyperdrive-lib.el
index c57bf161a9..fd930e1bec 100644
--- a/hyperdrive-lib.el
+++ b/hyperdrive-lib.el
@@ -85,7 +85,8 @@ Passes ARGS to `format-message'."
(metadata nil :documentation "Public metadata alist.")
(latest-version nil :documentation "Latest known version of hyperdrive.")
(etc nil :documentation "Alist of extra data.
-- disk-usage :: Number of bytes occupied locally by the drive."))
+- disk-usage :: Number of bytes occupied locally by the drive.
+- safep :: Whether or not to treat this hyperdrive as safe."))
(defun h/url (hyperdrive)
"Return a \"hyper://\"-prefixed URL from a HYPERDRIVE struct.
@@ -1352,8 +1353,7 @@ If then, then call THEN with no arguments. Default
handler."
(or (not (h/writablep hyperdrive)) version))
(set-buffer-modified-p nil)
(set-visited-file-modtime (current-time))))
- (when (member (hyperdrive-public-key hyperdrive)
- h/safe-hyperdrives)
+ (when (map-elt (hyperdrive-etc hyperdrive) 'safep)
(let ((buffer-file-name (he/name entry)))
(set-auto-mode)))
(when target
diff --git a/hyperdrive-menu.el b/hyperdrive-menu.el
index 63b1e92657..31d4b5f974 100644
--- a/hyperdrive-menu.el
+++ b/hyperdrive-menu.el
@@ -276,6 +276,7 @@
("p" h/menu-set-petname :transient t)
("n" h/menu-set-nickname :transient t
:inapt-if-not (lambda () (h/writablep (h/menu--scope))))
+ ("S" h/menu-mark-as-safe :transient t)
( :info (lambda () (h//format (h/menu--scope) "Domain: %D" h/raw-formats))
:if (lambda () (h/domains (h/menu--scope))))
(:info (lambda () (format "Latest version: %s" (h/latest-version
(h/menu--scope)))))
@@ -460,6 +461,17 @@
(h/menu--scope)))
(h/set-nickname nickname hyperdrive))
+(transient-define-suffix h/menu-mark-as-safe (hyperdrive safep)
+ :description
+ (lambda ()
+ (format "Safe: %s"
+ (if (alist-get 'safep (h/etc (h/menu--scope)))
+ (propertize "Yes" 'face 'success)
+ (propertize "No" 'face 'error))))
+ (interactive
+ (list (h/menu--scope) (not (alist-get 'safep (h/etc (h/menu--scope))))))
+ (h/mark-as-safe hyperdrive safep))
+
;;;; Menu Utilities
(defun h/menu--scope ()
diff --git a/hyperdrive.el b/hyperdrive.el
index 6cab5ad8aa..a89faa6465 100644
--- a/hyperdrive.el
+++ b/hyperdrive.el
@@ -151,6 +151,40 @@ hyperdrive, the new hyperdrive's petname will be set to
SEED."
(h/persist hyperdrive)
(h/open (h/url-entry url)))))
+;;;###autoload
+(defun hyperdrive-mark-as-safe (hyperdrive safep)
+ "Mark HYPERDRIVE as safe according to SAFEP.
+Interactively, prompt for hyperdrive and action."
+ (interactive
+ (pcase-let* ((hyperdrive (h/complete-hyperdrive :force-prompt t))
+ ((cl-struct hyperdrive (etc (map safep))) hyperdrive)
+ (mark-safe-p
+ (pcase (read-answer
+ (format "Mark hyperdrive `%s' as: (currently: %s) "
+ (h//format-hyperdrive hyperdrive)
+ (if safep
+ (propertize "safe" 'face 'success)
+ (propertize "unsafe" 'face 'error)))
+ '(("safe" ?S "Mark as safe")
+ ("unsafe" ?u "Mark as unsafe")
+ ("info" ?i "show Info manual section about safety")
+ ("quit" ?q "quit")))
+ ((or ?S "safe") t)
+ ((or ?u "unsafe") nil)
+ ((or ?i "info") :info)
+ (_ :quit))))
+ (list hyperdrive mark-safe-p)))
+ (pcase safep
+ (:info (info "(hyperdrive) Mark a hyperdrive as safe"))
+ (:quit nil)
+ (_ (setf (map-elt (h/etc hyperdrive) 'safep) safep)
+ (h/persist hyperdrive)
+ (message "Marked hyperdrive `%s' as %s."
+ (h//format-hyperdrive hyperdrive)
+ (if safep
+ (propertize "safe" 'face 'success)
+ (propertize "unsafe" 'face 'error))))))
+
;;;###autoload
(defun hyperdrive-purge (hyperdrive)
"Purge all data corresponding to HYPERDRIVE."
@@ -926,6 +960,17 @@ The return value of this function is the retrieval buffer."
(pcase (alist-get 'name (h/metadata drive))
(`nil "none")
(it it))))
+ (vector "Mark as Safe"
+ `(lambda ()
+ (interactive)
+ (let
((h/current-entry ,entry))
+
(call-interactively #'h/mark-as-safe)))
+ :help "Mark
hyperdrive as safe or not"
+ :label
+ (format-message
"Mark as Safe: `%s'"
+
(if (alist-get 'safep (h/etc drive))
+
"safe"
+
"unsafe")))
"---"
(vector "Purge"
`(lambda ()
