[Evolution-hackers] Re: [evolution-patches] Fix mailto: handling of arbitrary headers.



On Tue, 2003-08-19 at 15:57 +0100, David Woodhouse wrote:
> Against -HEAD.

Was going to resend for 1.4 branch too but in fact the changelog applies
cleanly there too.

> +			} else if (!strncasecmp (header, "from", len) ||
> +				   !strncasecmp (header, "reply-to", len)) {
> +				/* FIXME: Warn about nasty mailto: link? */
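Review bot: both strncasecmp calls compare only the first len characters, so this branch is also taken for any name that is a prefix of "from" or "reply-to" (for example "f" or "reply"), and with len == 0 the comparison returns 0 for every input. If len is the length of the header name parsed from the URL, also require that len equals the length of the literal being compared so the match is exact. The FIXME suggests no warning is issued yet when such a header is found; decide in this change whether the user is told, or track it separately.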

Looking at §7 of RFC2368 this isn't necessarily enough... I suspect we
should have two lists of headers we know about...

1. 'Safe' headers: CC, Subject, References, etc. 
   Always allow a mailto: link to set these.

2. 'Unsafe' headers: From, Reply-To, etc. 
    Never allow a mailto: link to set these.

3. Others.
    Ask the user for permission before allowing them?

Certainly the current behaviour of just putting them into the mail we
send is not encouraged by either the RFC or common sense :)

-- 
dwmw2
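
The three-way policy proposed in the message above, as an added C sketch that is not part of the original post or of Evolution's code. The function names are hypothetical, the two lists hold only the header names the message gives, and header names are assumed not to be percent-encoded.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

typedef enum { HDR_SAFE, HDR_UNSAFE, HDR_ASK } hdr_policy;

/* Only the names given in the message; a real client would extend both. */
static const char *const safe_hdrs[]   = { "cc", "subject", "references", NULL };
static const char *const unsafe_hdrs[] = { "from", "reply-to", NULL };

/* Exact, case-insensitive match of name[0..len) against a NULL-terminated
 * list. The length check is what prevents prefix matches such as "fr". */
static int in_list(const char *const *list, const char *name, size_t len)
{
	for (; *list; list++)
		if (strlen(*list) == len && !strncasecmp(name, *list, len))
			return 1;
	return 0;
}

hdr_policy classify_header(const char *name, size_t len)
{
	if (in_list(unsafe_hdrs, name, len)) return HDR_UNSAFE; /* never set */
	if (in_list(safe_hdrs, name, len))   return HDR_SAFE;   /* always set */
	return HDR_ASK;                      /* unknown: ask the user first */
}

/* Walk the "name=value&name=value" part that follows '?' in a mailto: URL
 * and count the headers in each policy class. Values are skipped, not
 * decoded; fields without "name=" are ignored. */
void classify_mailto_query(const char *query, int counts[3])
{
	counts[HDR_SAFE] = counts[HDR_UNSAFE] = counts[HDR_ASK] = 0;
	while (*query) {
		size_t field = strcspn(query, "&");   /* length of this field */
		size_t name  = strcspn(query, "=&");  /* length of its name   */
		if (name > 0 && name < field)
			counts[classify_header(query, name)]++;
		query += field;
		if (*query == '&')
			query++;
	}
}
```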



