Re: [exim] tainted data issues

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeremy Harris
Date:  
À: exim-users
Sujet: Re: [exim] tainted data issues
On 11/11/2020 16:29, Ian Zimmerman via Exim-users wrote:
> On 2020-11-11 13:16, Jeremy Harris wrote:
>
>>> Semi-radical: provide an ACL, router, and transport modifier that
>>> checks some variable or content for dangerous contents
>
>> We have that. All data provided by an untrusted source, described
>> as "tainted" for a shorthand.
>
> I will not argue with the rest of your post, but it is not a _modifier_
> if it is always on.


Ah. Would an expansion condition be sufficient? So you could write

${if tainted{my_suspect_expansion} {expand_this} {expand_that}}

That would be simple to code and test.
--
Cheers,
Jeremy