[Evolution-hackers] Re: [evolution-patches] Fix mailto: handling of arbitrary headers.

From: David Woodhouse <dwmw2 infradead org>
To: evolution-hackers ximian com
Subject: [Evolution-hackers] Re: [evolution-patches] Fix mailto: handling of arbitrary headers.
Date: Tue, 19 Aug 2003 16:17:30 +0100

On Tue, 2003-08-19 at 15:57 +0100, David Woodhouse wrote:
> Against -HEAD.

Was going to resend for 1.4 branch too but in fact the changelog applies
cleanly there too.

> +			} else if (!strncasecmp (header, "from", len) ||
> +				   !strncasecmp (header, "reply-to", len)) {
> +				/* FIXME: Warn about nasty mailto: link? */

Looking at �7 of RFC2368 this isn't necessarily enough... I suspect we
should have two lists of headers we know about...

1. 'Safe' headers: CC, Subject, References, etc. 
   Always allow a mailto: link to set these.

2. 'Unsafe' headers: From, Reply-To, etc. 
    Never allow a mailto: link to set these.

3. Others.
    Ask the user for permission before allowing them?

Certainly the current behaviour of just putting them into the mail we
send is not encouraged by either the RFC or common sense :)

-- 
dwmw2

Follow-Ups:
- Re: [Evolution-hackers] Re: [evolution-patches] Fix mailto: handling of arbitrary headers.
  - From: Larry Ewing

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]