On 10/11/2020 20:45, Sebastian Nielsen via Exim-users wrote:
I think as I said, provide a untaint tool, that allows custom data to verify against.Like: ${untaint(${var}, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")}
No; this is a bad idea. It is far to easy for someone to write a matcher which just untaints everything, disabling the security. Three people would do that, and one would post it on serverfault. Then it would be cargo-culted forever. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
