[Top] [All Lists]

Re: Sieve notify options and escaping

2007-03-27 07:23:30

On Tue, 2007-03-27 at 14:03 +0200, Kjetil Torgrim Homme wrote:
On Mon, 2007-03-26 at 17:53 +0000, Aaron Stone wrote:
Do we have the option for "lazy evaluation" of variable expansion? If the
expansion takes place inside the action, we have no trouble. If it takes
place prior to calling the action, we need escaping.

[variables] says:

3.  Interpretation of strings
   Tests or actions in future extensions may need to access the
   unexpanded version of the string argument and, e.g., do the expansion
   after setting variables in its namespace.  The design of the
   implementation should allow this.

so the door is kept open, but the extension needs to be explicit about
it.  notice that a separate namespace should be used for such "dynamic"
or "internal" variables, in other words it should be ${notify.summary},
not just ${summary}.  for normal variables without a namespace, the
behaviour is:

   The expanded string MUST use the variable values which are current
   when control reaches the statement the string is part of.

So a user can supply a variable that expands into valid options or url
syntax. I do think we have to prevent this.


<Prev in Thread] Current Thread [Next in Thread>