Bug#172436: Security concerns regarding browser proposal
On Sun, Aug 03, 2003 at 07:48:43PM -0400, Matt Zimmerman wrote:
> It might be a good idea to specify how quoting should be handled, both for
> shell metacharacters and format specifiers.

Odd, I thought I'd mentioned
http://www.dwheeler.com/browse/secure_browser.html in this bug, but
evidently not. man implements the "Compatible Secure BROWSER Definition"
from that page. It's about 50 lines of C, not counting an escape_shell()
utility function.

We could also go for the Alternative definition on the same page, which
acknowledges that you probably need a helper script anyway to do the
complicated Netscape/Mozilla stuff and ditches the % characters
entirely. I don't have any strong feelings about which to use.

Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
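
An added example, not part of the original message and not man's code: one way to handle the two quoting concerns raised above, expanding format specifiers in a BROWSER command part and shell-escaping the URL before it reaches the command line. The specifier set (%s, %%, %c), the safe-character list and both function bodies are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not man's escape_shell): backslash-escape every byte
 * outside a conservative safe set. Control bytes are rejected, since sh
 * treats backslash-newline as a line continuation, not an escaped newline. */
static char *escape_shell(const char *s)
{
    char *out = malloc(2 * strlen(s) + 1), *p = out;
    if (!out) return NULL;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c < 0x20 || c == 0x7f) { free(out); return NULL; }
        if (!isalnum(c) && !strchr(",-./:@_+=", c)) *p++ = '\\';
        *p++ = (char)c;
    }
    *p = '\0';
    return out;
}

/* Expand one BROWSER command part. Assumed specifiers: %s = URL, %% = '%',
 * %c = ':'; others are copied through. With no %s the escaped URL is
 * appended as an argument. Returns malloc'd string, or NULL on rejection. */
char *expand_browser(const char *pattern, const char *url)
{
    char *esc = escape_shell(url), *out, *p;
    int found = 0;
    if (!esc) return NULL;
    size_t elen = strlen(esc), cap = strlen(pattern) + elen + 2;
    for (const char *q = pattern; *q; q++) if (*q == '%') cap += elen;
    out = p = malloc(cap);
    if (!out) { free(esc); return NULL; }
    for (const char *q = pattern; *q; q++) {
        if (*q != '%' || q[1] == '\0') { *p++ = *q; continue; }
        switch (*++q) {
        case 's': memcpy(p, esc, elen); p += elen; found = 1; break;
        case '%': *p++ = '%'; break;
        case 'c': *p++ = ':'; break;
        default:  *p++ = '%'; *p++ = *q; break;
        }
    }
    if (!found) { *p++ = ' '; memcpy(p, esc, elen); p += elen; }
    *p = '\0';
    free(esc);
    return out;
}

int main(void) { char *c = expand_browser("lynx %s", "http://example.org/?q=a;b"); if (c) puts(c); free(c); return 0; }
```

Backslash escaping only protects a %s that sits unquoted in the pattern; a pattern that wraps %s in its own quotes needs different handling.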