Message 247946 - Python tracker (original) (raw)

@David Thanks for the comment :-)

I think if you read the Documentation https://docs.python.org/2/library/mailcap.html this may lead new programmers, wich may never heard of Shell Injections before, step by step directly to write insecure webbbrowsers and/or mail readers. At least there should be a warning in the docs !

You ask why run-mailcap do not use quotig, i believe because quoting is not an easy thing to do, i attached a demo ;-)

Thank you.