[Tickets #6748] Re: Firefox 3 Web Based Protocol Handler support
bugs at horde.org
bugs at horde.org
Thu Jun 12 14:14:09 UTC 2008
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/6748
-----------------------------------------------------------------------
Ticket | 6748
Updated By | xk3 at mompl.org
Summary | Firefox 3 Web Based Protocol Handler support
Queue | IMP
Version | HEAD
Type | Enhancement
State | Assigned
Priority | 1. Low
Milestone |
Patch |
Owners | Michael Slusarz
+New Attachment | patch.ff3-mailto.diff
-----------------------------------------------------------------------
xk3 at mompl.org (2008-06-12 10:14) wrote:
> Add support for Firefox 3 web based protocol handlers:
> http://developer.mozilla.org/en/docs/Web-based_protocol_handlers
attached patch touches two files:
1) IMP.php function: getComposeArgs
mailto URI refers to the message body as "body", not as "message".
2) The added HTML file registers the mailto handler for FF3
(has to be called from same domain as IMP, see mentioned FF3 docs)
Keep the %26 for & in the handler URL!
A security thought: I propose to strip CC and BCC from the mailto: URL
(i.e. don't copy them in getComposeArgs, if this function is not used
otherwise too), as these fields are not always shown in the compose
popup and the (normal) user would not expect these copies. From RFC
2368 (The mailto URL scheme):
4. Unsafe headers
The user agent interpreting a mailto URL SHOULD choose not to create
a message if any of the headers are considered dangerous; it may also
choose to create a message with only a subset of the headers given in
the URL. Only the Subject, Keywords, and Body headers are believed
to be both safe and useful.
The creator of a mailto URL cannot expect the resolver of a URL to
understand more than the "subject" and "body" headers.
Martin
More information about the bugs
mailing list