Le vendredi 13 juillet 2012 à 14:26 +0200, George Danchev a écrit : > > It you want to make xdg-open useable for everything, please also > > add a way to specify the mime type as option. Without that using > > it for opening mail attachements or stuff downloaded (i.e. things > > that already show a mime type before you open it) is simply > > introducing a security bug.
It is much better to let xdg-open or what it launches determine the MIME type by inspecting the contents of the file instead of reading the MIME type from an email, anyway. For browsers, there is a list of safe/unsafe MIME types, so inspection is not required, but I’m not aware of a similar mechanism for email readers. > It appears that this has been done already, at least kfmclient accepts > mimetype as an option. However, for such sensitive use cases, I'd rather skip > the yet another level of indirection of having to second-guess an "opener" > app, being it xdg-open, kfmclient or any other, by mimetype hints, and just > inspect/dissect/open the suspicious thing as I find it most appropriate > depending on the circumstances (available inspection apps, time, etc) This is already what e.g. gvfs-open does: the MIME type is determined through content inspection according to the fd.o MIME specification. -- .''`. Josselin Mouette : :' : `. `' `- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1342184717.18031.43.camel@pi0307572
