[Top] [All Lists]

Re: Sieve notify options and escaping

2007-03-26 11:04:53

On Mon, Mar 26, 2007, Alexey Melnikov 
<alexey(_dot_)melnikov(_at_)isode(_dot_)com> said:

Aaron, Dave has forwarded me your message:

Ok, moving back on list since we're more than one side-comment out.

Dave Cridland wrote:


Barry and I discussed the need for some text to say what this means:

   notify :options "body=${summary}" "mailto:foo(_at_)bar" 

Because when you expand ${summary} is pretty important wrt escaping.
Barry said that he'd add some text to handle this. I forgot to mention
it in the jabber room for the official notes.

Is this specific to Mailto notification method? Note that there is no 
text in notify base saying that options are to be converted to URI 

Same issues arise from this:  mailto "mailto:foo(_at_)bar?body=${summary}"

What if ${summary} expands to "safebody&evil=evilbody"? We'll need some
text to handle this situation I think. The issue applies to all
mechanisms, I'm sure we could just as easily have additional xmpp url
arguments or options.

Do we have the option for "lazy evaluation" of variable expansion? If the
expansion takes place inside the action, we have no trouble. If it takes
place prior to calling the action, we need escaping.

Also, do we actually want to register the "body" option?

Sure, I don't see why not...


<Prev in Thread] Current Thread [Next in Thread>