File indexing completed on 2024-11-24 04:53:00
0001 /* Copyright (C) 2006 - 2014 Jan Kundrát <jkt@flaska.net> 0002 0003 This file is part of the Trojita Qt IMAP e-mail client, 0004 http://trojita.flaska.net/ 0005 0006 This program is free software; you can redistribute it and/or 0007 modify it under the terms of the GNU General Public License as 0008 published by the Free Software Foundation; either version 2 of 0009 the License or (at your option) version 3 or any later version 0010 accepted by the membership of KDE e.V. (or its successor approved 0011 by the membership of KDE e.V.), which shall act as a proxy 0012 defined in Section 14 of version 3 of the license. 0013 0014 This program is distributed in the hope that it will be useful, 0015 but WITHOUT ANY WARRANTY; without even the implied warranty of 0016 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 0017 GNU General Public License for more details. 0018 0019 You should have received a copy of the GNU General Public License 0020 along with this program. If not, see <http://www.gnu.org/licenses/>. 0021 */ 0022 #include "ExternalElementsWidget.h" 0023 0024 #include <QHBoxLayout> 0025 #include <QLabel> 0026 #include <QPushButton> 0027 0028 namespace Gui 0029 { 0030 0031 ExternalElementsWidget::ExternalElementsWidget(QWidget *parent): 0032 QWidget(parent) 0033 { 0034 QHBoxLayout *layout = new QHBoxLayout(this); 0035 loadStuffButton = new QPushButton(tr("Load"), this); 0036 QLabel *lbl = new QLabel(tr("This e-mail wants to load external entities from the Internet"), this); 0037 layout->addWidget(lbl); 0038 layout->addWidget(loadStuffButton); 0039 layout->addStretch(); 0040 setSizePolicy(QSizePolicy::Preferred, QSizePolicy::Fixed); 0041 connect(loadStuffButton, &QAbstractButton::clicked, this, &ExternalElementsWidget::loadingEnabled); 0042 0043 /* 0044 FIXME: would be cool to have more clear error messages 0045 0046 Also perhaps provide a list of URLs of external entities? But note that 0047 the current implementation is an "all or nothing" -- once the user clicks 0048 the "allow external entities" button, they will be enabled for the current 0049 message until it is closed. Therefore, it is possible that user allows requests 0050 to a presumably "safe site", but something evil subsequently asks for something 0051 from a malicious, third-party site. I'm not sure how they'd do that, though, given 0052 that we already do disable JavaScript... 0053 0054 */ 0055 0056 } 0057 0058 }