aboutsummaryrefslogtreecommitdiffstats
path: root/bin/w3m-sandbox
diff options
context:
space:
mode:
authorterminaldweller <thabogre@gmail.com>2022-07-15 13:47:56 +0000
committerterminaldweller <thabogre@gmail.com>2022-07-15 13:47:56 +0000
commit5a2d75df546df3321b3a20ebe84dae2f91019e84 (patch)
treeca27e5395beee772dc4931110018e135700c7a05 /bin/w3m-sandbox
parentupdates (diff)
downloadscripts-5a2d75df546df3321b3a20ebe84dae2f91019e84.tar.gz
scripts-5a2d75df546df3321b3a20ebe84dae2f91019e84.zip
secrets
Diffstat (limited to 'bin/w3m-sandbox')
-rwxr-xr-xbin/w3m-sandbox99
1 files changed, 99 insertions, 0 deletions
diff --git a/bin/w3m-sandbox b/bin/w3m-sandbox
new file mode 100755
index 0000000..3560442
--- /dev/null
+++ b/bin/w3m-sandbox
@@ -0,0 +1,99 @@
+#!/usr/bin/env dash
+# https://git.sr.ht/~seirdy/bwrap-scripts
+progname="$(basename "${0}")"
+
+help_text="Usage: $progname [OPTION...] [FILE]
+
+View a file or STDIN in w3m, sandboxed with bubblewrap.
+Internet access is blocked; ideal for viewing HTML emails.
+
+Options:
+ -h, --help Print this help and exit
+"
+
+usage() {
+ printf '%s' "$help_text"
+}
+
+# when the user passess bad args, send a msg to stderr and exit
+# usage: bad_option <option> <reason>
+bad_option() {
+ echo "$progname: option $1: $2" >&2
+ usage >&2
+ exit 1
+}
+
+args=''
+
+# parse arguments
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h | --help)
+ usage
+ exit 0
+ ;;
+ -*)
+ args="$args $1"
+ ;;
+ *)
+ if [ -f "$1" ]; then
+ file_path="$1"
+ else
+ args="$args $1"
+ fi
+ ;;
+ esac
+ shift
+done
+
+if [ -n "$TERMINFO" ]; then
+ terminfo="$TERMINFO"
+else
+ terminfo="/usr/share/terminfo"
+fi
+
+xdg_data="${XDG_DATA_HOME-$HOME/.local/share}"
+
+bwrap_wrapper() {
+ env -i bwrap \
+ --ro-bind /home/devi/w3m/w3m /home/devi/w3m/w3m \
+ --ro-bind "$terminfo" /usr/share/terminfo \
+ --ro-bind "$HOME/.w3m" "$HOME/.w3m" \
+ --symlink usr/lib64 /lib64 \
+ --ro-bind /usr/lib64 /usr/lib64 \
+ --proc /proc \
+ --unshare-all \
+ --hostname RESTRICTED \
+ --setenv WWW_HOME "$HOME/.w3m" \
+ --setenv TERM "$TERM" \
+ --new-session --die-with-parent --cap-drop ALL \
+ "$@"
+ # "$@" 9<"$xdg_data/seccomp/seccomp-filter-default.bpf"
+
+}
+
+if [ -z "$file_path" ]; then
+ bwrap_wrapper /home/devi/w3m/w3m \
+ -I %{charset} \
+ -T text/html \
+ -no-mouse \
+ -no-cookie \
+ -cols "$COLUMNS" \
+ -o display_link=true \
+ -o display_link_number=true \
+ -o display_image=false \
+ $args
+else
+ bwrap_wrapper \
+ --ro-bind "$(dirname "$file_path")" /data /home/devi/w3m/w3m \
+ -I %{charset} \
+ -T text/html \
+ -cols "$COLUMNS" \
+ -o display_link=true \
+ -o display_link_number=true \
+ -o display_image=false \
+ $args \
+ "/data/$(basename "$file_path")"
+fi
+
+# vi:ft=sh