Re: [exim] tainted data issues

Pàgina inicial
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
A: exim-users
Assumpte: Re: [exim] tainted data issues
On 11/11/2020 16:29, Ian Zimmerman via Exim-users wrote:
> On 2020-11-11 13:16, Jeremy Harris wrote:
>
>>> Semi-radical: provide an ACL, router, and transport modifier that
>>> checks some variable or content for dangerous contents
>
>> We have that. All data provided by an untrusted source, described
>> as "tainted" for a shorthand.
>
> I will not argue with the rest of your post, but it is not a _modifier_
> if it is always on.


Ah. Would an expansion condition be sufficient? So you could write

${if tainted{my_suspect_expansion} {expand_this} {expand_that}}

That would be simple to code and test.
--
Cheers,
Jeremy