Witold Filipczyk <[EMAIL PROTECTED]> writes:

> text/html; elinks -dump -eval 'set document.codepage.assume = "%{charset}"'
> %s; copiousoutput
The Mutt manual recommends not putting quotes around %.
http://www.mutt.org/doc/manual/manual-5.html#ss5.3
there under "Secure use of mailcap".

Mutt's default mailcap_sanitize=yes should prevent command
injections though. If we wanted not to rely on mailcap_sanitize,
so that the mailcap file could be safely used by programs other
than Mutt, the first attempt might be:

    text/html; charset=%{charset} && elinks -dump -eval \
        "set document.codepage.assume = \"$charset\"" %s; copiousoutput

However, that still isn't quite right, because even though
%{charset} is now properly quoted for the shell, it could be
misparsed by ELinks if it contains quotes, and then you could get
e.g. 'include "/dev/urandom"' in the -eval.

How to fix this:

(a) Note that ELinks does not actually support any charsets whose
    names contain quotes, and add some shell commands to reject
    those.

(b) Filter the string through sed in order to escape any quotes.

(c) Change ELinks to support elinks -assume-codepage %{charset}.
    Then the configuration file parser would not be involved.

(d) Change ELinks to support
    elinks -set document.codepage.assume %{charset},
    so that other options can be set in the same way. But would
    we then want a similar command-line option for set_domain as
    well?

If document.codepage.assume is the only option that needs to be
settable in this way, I think approach (c) would be reasonable,
and easy to implement.
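Approach (a) written out as shell functions, as an added example that is not part of the original message or of ELinks. The function names and the character allowlist (stricter than only rejecting quotes) are assumptions; $charset is taken to be already assigned by the shell, as in the first attempt above.

```shell
#!/bin/sh
# Added example: validate a charset name before it reaches the ELinks
# configuration parser through -eval. Function names are hypothetical.

# Make the A-Z / a-z ranges below mean ASCII only.
LC_ALL=C
export LC_ALL

# Return 0 only if the name is non-empty and consists solely of
# letters, digits and . _ : + -  (assumed allowlist). Quotes,
# backslashes, whitespace and newlines are all rejected.
charset_is_safe() {
    case $1 in
        '' | *[!A-Za-z0-9._:+-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the -eval argument for a validated charset name.
# Prints nothing and returns 1 if the name is rejected.
build_eval() {
    charset_is_safe "$1" || return 1
    printf 'set document.codepage.assume = "%s"' "$1"
}

# dump_html CHARSET FILE
# Run elinks -dump on FILE. The charset is passed via -eval only when
# it validated; otherwise ELinks falls back to its own default.
dump_html() {
    if eval_cmd=$(build_eval "$1"); then
        elinks -dump -eval "$eval_cmd" "$2"
    else
        echo "dump_html: ignoring suspicious charset name" >&2
        elinks -dump "$2"
    fi
}
```
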