src/Gui/ExternalElementsWidget.cpp

   1 /* Copyright (C) 2006 - 2014 Jan Kundrát <jkt@flaska.net>
   2
   3    This file is part of the Trojita Qt IMAP e-mail client,
   4    http://trojita.flaska.net/
   5
   6    This program is free software; you can redistribute it and/or
   7    modify it under the terms of the GNU General Public License as
   8    published by the Free Software Foundation; either version 2 of
   9    the License or (at your option) version 3 or any later version
  10    accepted by the membership of KDE e.V. (or its successor approved
  11    by the membership of KDE e.V.), which shall act as a proxy
  12    defined in Section 14 of version 3 of the license.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 #include "ExternalElementsWidget.h"
  23
  24 #include <QHBoxLayout>
  25 #include <QLabel>
  26 #include <QPushButton>
  27
  28 namespace Gui
  29 {
  30
  31 ExternalElementsWidget::ExternalElementsWidget(QWidget *parent):
  32     QWidget(parent)
  33 {
  34     QHBoxLayout *layout = new QHBoxLayout(this);
  35     loadStuffButton = new QPushButton(tr("Load"), this);
  36     QLabel *lbl = new QLabel(tr("This e-mail wants to load external entities from the Internet"), this);
  37     layout->addWidget(lbl);
  38     layout->addWidget(loadStuffButton);
  39     layout->addStretch();
  40     setSizePolicy(QSizePolicy::Preferred, QSizePolicy::Fixed);
  41     connect(loadStuffButton, &QAbstractButton::clicked, this, &ExternalElementsWidget::loadingEnabled);
  42
  43     /*
  44     FIXME: would be cool to have more clear error messages
  45
  46     Also perhaps provide a list of URLs of external entities? But note that
  47     the current implementation is an "all or nothing" -- once the user clicks
  48     the "allow external entities" button, they will be enabled for the current
  49     message until it is closed. Therefore, it is possible that user allows requests
  50     to a presumably "safe site", but something evil subsequently asks for something
  51     from a malicious, third-party site. I'm not sure how they'd do that, though, given
  52     that we already do disable JavaScript...
  53
  54     */
  55
  56 }
  57
  58 }