bug-gnu-emacs
bug#55926: 29.0.50; message.el does not normalize In-Reply-To field from


From: Robert Pluim
Subject: bug#55926: 29.0.50; message.el does not normalize In-Reply-To field from web links
Date: Tue, 14 Jun 2022 18:27:40 +0200

>>>>> On Tue, 14 Jun 2022 23:11:45 +0700, Max Nikulin <manikulin@gmail.com> 
>>>>> said:

    Max> Unsure if it is possible to do something really weird through a
    Max> specially crafted mailto: link (by adding some special headers), but
    Max> it looks like it is possible to add something that sender may not like
    Max> to see in its message. So it is better to sanitize input link
    Max> parameters that are used to generate headers.

Iʼm not aware of any code in Emacs that calls `eval' or similar on
parameters passed to `browse-url' or `message-mailto', but you never
know. Donʼt use Emacs to connect to your bank's website :-)

I think Lars' changes here are enough.

Robert
-- 
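Max's point about sanitizing link parameters before they become headers, as an added Emacs Lisp example that is not part of this thread and is not code from message.el or Lars' changes. The `my-mailto-` names and the header allowlist are assumptions made for illustration.

```elisp
;; Added example; every `my-mailto-' name is hypothetical.
(require 'url-util)   ; `url-unhex-string'
(require 'subr-x)     ; `string-trim'

(defvar my-mailto-allowed-headers
  '("to" "cc" "subject" "body" "in-reply-to")
  "Lowercase header names a mailto: link may set (assumed policy).")

(defun my-mailto--decode (s)
  "Percent-decode S as UTF-8, keeping CR and LF so they can be inspected."
  ;; The second argument makes `url-unhex-string' decode %0D and %0A
  ;; literally; the cleanup below then deals with them explicitly.
  (decode-coding-string (url-unhex-string s t) 'utf-8))

(defun my-mailto--clean-value (name value)
  "Return VALUE in a form safe to insert as the content of header NAME.
Runs of control characters (codes 0-31, which include CR and LF) become
one space, so a value cannot begin a new header line.  The body is not
a header, so it only gets its line endings normalized."
  (if (string= name "body")
      (replace-regexp-in-string "\r\n?" "\n" value)
    (string-trim (replace-regexp-in-string "[[:cntrl:]]+" " " value))))

(defun my-mailto-parse (url)
  "Parse the mailto: URL into an alist of (HEADER . VALUE) strings.
Parameters whose name is not in `my-mailto-allowed-headers' are dropped."
  (unless (string-match "\\`mailto:\\([^?]*\\)\\(?:\\?\\(.*\\)\\)?\\'" url)
    (error "Not a mailto: URL"))
  ;; Copy both groups out before any other function touches the match data.
  (let ((to (match-string 1 url))
        (query (match-string 2 url))
        result)
    (when (> (length to) 0)
      (push (cons "to" (my-mailto--clean-value "to" (my-mailto--decode to)))
            result))
    (dolist (pair (split-string (or query "") "&" t))
      (when (string-match "\\`\\([^=]+\\)=\\(.*\\)\\'" pair)
        (let* ((raw-name (match-string 1 pair))
               (raw-value (match-string 2 pair))
               (name (downcase (my-mailto--decode raw-name))))
          (when (member name my-mailto-allowed-headers)
            (push (cons name (my-mailto--clean-value
                              name (my-mailto--decode raw-value)))
                  result)))))
    (nreverse result)))

;; Constructed sample link: the subject value carries an encoded CRLF
;; followed by header-like text, and there is a "bcc" parameter that is
;; not on the allowlist.
(my-mailto-parse "mailto:list@example.org?subject=Hi%0D%0ABcc:%20x@example.net&bcc=y@example.net")
```

Evaluating the last form in `M-x ielm` shows the returned alist; the caller would insert only those pairs into the draft.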




