Hi, On Jun 14, 2013, at 10:11 AM, Ben Johnson <[email protected]> wrote: > It seems as though the only truly reliable method would be to validate > the scripts in consideration of your own environment. As you suggested, > a simple Web form (ideally, one that requires authentication) into which > users can paste scripts and email bodies would do the job. The form > inputs can then be passed to sieve-test. Needless to say, the form > inputs should be escaped very carefully to prevent arbitrary code from > being executed on your system.
I just re-read your mail, and I must admit I don't understand one part: why would I need authentication? I was thinking of just serving a HTML form via https which expects you to pass a sample mail and a Sieve script, and when submitting that sieve-test is executed and you see the result. I suppose you were thinking of a different usage, something like - a user logs in with his IMAP credentials, uploads a random mail and then the web server uses the Sieve script which is currently active? -- Frerich Raabe - [email protected] www.froglogic.com - Multi-Platform GUI Testing
