On 25 Aug 2013, at 19:34, Nitin Goyal wrote:

On 25 Aug 2013, at 21:30, [email protected] wrote:

You MUST use the url_encode function from the Alfred example for each of the values above. Otherwise it'll break for certain kinds of input and, even worse, you run the risk of code injection. For example, I could construct a webpage title, which would result in a mailto: URL telling MailMate to send any file on your disk to any email address.

I could not make out anything from the Alfred script :). Can you help?

You must include this function:

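        on url_encode(theText)
            -- Percent-encode every byte of theText as %XX. The '%s' format keeps
            -- printf from interpreting '%' or '\' sequences inside theText.
            return do shell script "printf '%s' " & quoted form of theText & " | xxd -u -plain | sed 's/\\(..\\)/%\\1/g' | tr -d '\\n'"
        end url_encode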

And then do, e.g., `url_encode(theReceiver)` before making it part of the `mailto` string.

--
Benny
_______________________________________________
mailmate mailing list
[email protected]
http://lists.freron.com/listinfo/mailmate
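
An added example, not part of the original thread or of the Alfred script: the same byte-wise percent-encoding as a plain shell function, showing what it prevents when a value containing `&` is placed in a `mailto:` string. It assumes `od` in place of `xxd`; the helper names `build_mailto`, `build_mailto_raw` and `count_params` and all sample values are constructed for illustration.

```sh
#!/bin/sh
# Percent-encode every byte of $1 as %XX (same result as the xxd pipeline).
# printf '%s' prints the text verbatim, so '%' and '\' in it are encoded
# like any other byte instead of being read as format directives.
url_encode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F' \
        | sed 's/\(..\)/%\1/g'
}

# Hardened: every value is encoded before it becomes part of the URL.
build_mailto() {      # $1 receiver, $2 subject, $3 body
    printf 'mailto:%s?subject=%s&body=%s' \
        "$(url_encode "$1")" "$(url_encode "$2")" "$(url_encode "$3")"
}

# Unencoded variant, kept only to show the difference.
build_mailto_raw() {  # $1 receiver, $2 subject, $3 body
    printf 'mailto:%s?subject=%s&body=%s' "$1" "$2" "$3"
}

# Count the key=value fields a mail client would see after the '?'.
count_params() {
    printf '%s' "${1#*[?]}" | tr '&' '\n' | grep -c '='
}

# Constructed sample input: a page title that carries its own '&key=value'.
receiver='user@example.invalid'
title='Weekly report&cc=third-party@example.invalid'
link='See https://example.invalid/page?id=1'

raw=$(build_mailto_raw "$receiver" "$title" "$link")
safe=$(build_mailto "$receiver" "$title" "$link")

echo "raw:  $raw"
echo "      fields seen: $(count_params "$raw")"
echo "safe: $safe"
echo "      fields seen: $(count_params "$safe")"
```

In the unencoded URL the title contributes a field of its own; in the encoded URL only `subject` and `body` remain, because the `&` and `=` inside the values are sent as `%26` and `%3D`.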
