ietf-mta-filters
[Top] [All Lists]

Re: Sieve notify options and escaping

2007-04-10 04:25:05

Aaron Stone wrote:

On Mon, Mar 26, 2007, Alexey Melnikov <alexey(_dot_)melnikov(_at_)isode(_dot_)com> said:
Aaron, Dave has forwarded me your message:
Ok, moving back on list since we're more than one side-comment out.
Dave Cridland wrote:
Dave,

Barry and I discussed the need for some text to say what this means:

notify :options "body=${summary}" "mailto:foo(_at_)bar"
Because when you expand ${summary} is pretty important wrt escaping.
Barry said that he'd add some text to handle this. I forgot to mention
it in the jabber room for the official notes.
Is this specific to Mailto notification method? Note that there is no text in notify base saying that options are to be converted to URI parameters.
Same issues arise from this:  mailto "mailto:foo(_at_)bar?body=${summary}"

What if ${summary} expands to "safebody&evil=evilbody"? We'll need some
text to handle this situation I think.

If you suggest some, I will include it ;-).

The issue applies to all
mechanisms, I'm sure we could just as easily have additional xmpp url
arguments or options.

Do we have the option for "lazy evaluation" of variable expansion? If the
expansion takes place inside the action, we have no trouble. If it takes
place prior to calling the action, we need escaping.
Also, do we actually want to register the "body" option?
Sure, I don't see why not...
Personally I dislike this, as this will most likely require a new IANA registry.
So far we were able to punt on this, as we didn't have any options.


<Prev in Thread] Current Thread [Next in Thread>