You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/01/21 02:06:31 UTC

[Bug 5794] New: URIDetail uses %2E for ','

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5794

           Summary: URIDetail uses %2E for ','
           Product: Spamassassin
           Version: 3.2.3
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Documentation
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: geoff@hughes.net


The POD for URIDetail uses %2E in URLs instead of '.' As an author of POD to
HTML modules, I'd appreciate a pointer to where the use of that construct is defined



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 5794] URIDetail uses %2E for ','

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5794


sidney@sidney.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




------- Additional Comments From sidney@sidney.com  2008-01-20 18:45 -------
%2E is the URLEncoded form of the character '.' URL Encoding is described in
RFC2396, where it says that it is permitted to URL encode characters such as '.'
that are not required to be encoded. Thus, a URI can include the sequence '%2E'
where there is supposed to be a '.' as in the examples in the POD.

It is true that if you pasted the string "http://www.example%2Ecom" into the
address bar of Firefox it would not decode that, as URL encoding is only for the
portion of the URL after the host name. However, SpamAssassin has to be
concerned with the behaviour of MUAs and what spammers do based on that, not
just with RFCs. If an email contains in a plain text message the string
http://www.example%2Ecom then both Thunderbird and Outlook Express will see that
as being a URI, will linkify it, and if it is clicked on will decode it to
http://www.example.com/ and send that to the browser.

Because of that, URIDetail provides the ability to write a rule that has access
to both the encoded and decoded versions of the URI, allowing one to catch
spammers' attempts at obfuscating URIs.

I'm closing this bug report because I don't see a bug being reported here. If
you have more questions about implementation, please ask on the SpamAssassin
developers mailing list.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Re: [Bug 5794] URIDetail uses %2E for ','

Posted by Geoffrey Leach <ge...@hughes.net>.

Exactly the response that I hoped for.  Thanks.

On 01/20/2008 06:45:25 PM, bugzilla-daemon@bugzilla.spamassassin.org 
wrote:
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5794
> 
> 
> sidney@sidney.com changed:
> 
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>              Status|NEW                         |RESOLVED
>          Resolution|                            |WORKSFORME
> 
> 
> 
> 
> ------- Additional Comments From sidney@sidney.com  2008-01-20 18:45
> -------
> %2E is the URLEncoded form of the character '.' URL Encoding is
> described in
> RFC2396, where it says that it is permitted to URL encode characters
> such as '.'
> that are not required to be encoded. Thus, a URI can include the
> sequence '%2E'
> where there is supposed to be a '.' as in the examples in the POD.
> 
> It is true that if you pasted the string "http://www.example%2Ecom"
> into the
> address bar of Firefox it would not decode that, as URL encoding is
> only for the
> portion of the URL after the host name. However, SpamAssassin has to
> be
> concerned with the behaviour of MUAs and what spammers do based on
> that, not
> just with RFCs. If an email contains in a plain text message the
> string
> http://www.example%2Ecom then both Thunderbird and Outlook Express
> will see that
> as being a URI, will linkify it, and if it is clicked on will decode
> it to
> http://www.example.com/ and send that to the browser.
> 
> Because of that, URIDetail provides the ability to write a rule that
> has access
> to both the encoded and decoded versions of the URI, allowing one to
> catch
> spammers' attempts at obfuscating URIs.
> 
> I'm closing this bug report because I don't see a bug being reported
> here. If
> you have more questions about implementation, please ask on the
> SpamAssassin
> developers mailing list.
> 
> 
> 
> 
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.