On 6/29/20 12:18 PM, Kurt Jaeger via Exim-users wrote: > One thing I'll test is if we hand values over to perl, maybe > we'll get back untainted value... > > Or did me beat someone to that already ? 8-}
I did not test that, I would imagine that should work because how would it really know what return values you are sending back. I know that using sg{} or {if match {} {} {}} does not work, string expansion fails... Even this fails... ${if match {$local_part}{.*sms[\-\+]([a-z0-9]+).*}{$1}{}} With expansion failure due to tainted... I'm clearly just pulling how known safe data, so it should be considered de-tainted.... There is literally no difference vs doing some fake lookup... -- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP: https://pgp.inoc.net/rblayzor/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/