Witold Filipczyk <[EMAIL PROTECTED]> writes:

> text/html; elinks -dump -eval 'set document.codepage.assume = "%{charset}"' 
> %s; copiousoutput

The Mutt manual recommends not putting quotes around %.
http://www.mutt.org/doc/manual/manual-5.html#ss5.3
there under "Secure use of mailcap".  Mutt's default
mailcap_sanitize=yes should prevent command injections though.

If we wanted not to rely on mailcap_sanitize, so that the mailcap
file could be safely used by programs other than Mutt, the first
attempt might be:

text/html; charset=%{charset} && elinks -dump -eval \
"set document.codepage.assume = \"$charset\"" %s; copiousoutput

However, that still isn't quite right, because even though
%{charset} is now properly quoted for the shell, it could be
misparsed by ELinks if it contains quotes, and then you could get
e.g. 'include "/dev/urandom"' in the -eval.  How to fix this:

(a) Note that ELinks does not actually support any charsets whose
    names contain quotes, and add some shell commands to reject
    those.
(b) Filter the string through sed in order to escape any quotes.
(c) Change ELinks to support elinks -assume-codepage %{charset}.
    Then the configuration file parser would not be involved.
(d) Change ELinks to support elinks -set document.codepage.assume
    %{charset}, so that other options can be set in the same way.
    But would we then want a similar command-line option for
    set_domain as well?

If document.codepage.assume is the only option that needs to be
settable in this way, I think approach (c) would be reasonable,
and easy to implement.
_______________________________________________
elinks-users mailing list
elinks-users@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-users
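
Approach (a) from the message above, sketched as an added example (not part of the original post and not ELinks or Mutt code): shell functions that refuse any charset value containing characters outside a conservative set before it is placed inside the -eval string. The function names and the allowed character set are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Intended to be called with the
# value the mailcap entry assigned to $charset, e.g.:
#   dump_html "$charset" /path/to/file.html

# Succeeds only for a non-empty name made of characters assumed here to be
# enough for charset names: letters, digits, '.', '_', ':', '+', '-'.
# Quotes, spaces, backslashes and newlines are all rejected.
# The body runs in a subshell so the LC_ALL change stays local.
valid_charset() (
    LC_ALL=C
    case $1 in
        '' | *[!A-Za-z0-9._:+-]*) exit 1 ;;
    esac
    exit 0
)

# Prints the configuration command for -eval, or fails without output
# when the name does not pass valid_charset.
assume_eval() {
    valid_charset "$1" || return 1
    printf 'set document.codepage.assume = "%s"\n' "$1"
}

# Dumps the file; a missing or rejected charset is dropped, so no
# caller-supplied text reaches the ELinks configuration parser.
dump_html() {
    if expr=$(assume_eval "$1"); then
        elinks -dump -eval "$expr" "$2"
    else
        echo "charset parameter missing or rejected, not passing -eval" >&2
        elinks -dump "$2"
    fi
}
```

The check only covers the ELinks side of the problem; how %{charset} reaches the shell still depends on the program that expands the mailcap entry.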
