You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/01/21 02:06:31 UTC
[Bug 5794] New: URIDetail uses %2E for ','
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5794
Summary: URIDetail uses %2E for ','
Product: Spamassassin
Version: 3.2.3
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Documentation
AssignedTo: dev@spamassassin.apache.org
ReportedBy: geoff@hughes.net
The POD for URIDetail uses %2E in URLs instead of '.' As an author of POD to
HTML modules, I'd appreciate a pointer to where the use of that construct is defined
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5794] URIDetail uses %2E for ','
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5794
sidney@sidney.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From sidney@sidney.com 2008-01-20 18:45 -------
%2E is the URLEncoded form of the character '.' URL Encoding is described in
RFC2396, where it says that it is permitted to URL encode characters such as '.'
that are not required to be encoded. Thus, a URI can include the sequence '%2E'
where there is supposed to be a '.' as in the examples in the POD.
It is true that if you pasted the string "http://www.example%2Ecom" into the
address bar of Firefox it would not decode that, as URL encoding is only for the
portion of the URL after the host name. However, SpamAssassin has to be
concerned with the behaviour of MUAs and what spammers do based on that, not
just with RFCs. If an email contains in a plain text message the string
http://www.example%2Ecom then both Thunderbird and Outlook Express will see that
as being a URI, will linkify it, and if it is clicked on will decode it to
http://www.example.com/ and send that to the browser.
Because of that, URIDetail provides the ability to write a rule that has access
to both the encoded and decoded versions of the URI, allowing one to catch
spammers' attempts at obfuscating URIs.
I'm closing this bug report because I don't see a bug being reported here. If
you have more questions about implementation, please ask on the SpamAssassin
developers mailing list.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Re: [Bug 5794] URIDetail uses %2E for ','
Posted by Geoffrey Leach <ge...@hughes.net>.
Exactly the response that I hoped for. Thanks.
On 01/20/2008 06:45:25 PM, bugzilla-daemon@bugzilla.spamassassin.org
wrote:
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5794
>
>
> sidney@sidney.com changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> Status|NEW |RESOLVED
> Resolution| |WORKSFORME
>
>
>
>
> ------- Additional Comments From sidney@sidney.com 2008-01-20 18:45
> -------
> %2E is the URLEncoded form of the character '.' URL Encoding is
> described in
> RFC2396, where it says that it is permitted to URL encode characters
> such as '.'
> that are not required to be encoded. Thus, a URI can include the
> sequence '%2E'
> where there is supposed to be a '.' as in the examples in the POD.
>
> It is true that if you pasted the string "http://www.example%2Ecom"
> into the
> address bar of Firefox it would not decode that, as URL encoding is
> only for the
> portion of the URL after the host name. However, SpamAssassin has to
> be
> concerned with the behaviour of MUAs and what spammers do based on
> that, not
> just with RFCs. If an email contains in a plain text message the
> string
> http://www.example%2Ecom then both Thunderbird and Outlook Express
> will see that
> as being a URI, will linkify it, and if it is clicked on will decode
> it to
> http://www.example.com/ and send that to the browser.
>
> Because of that, URIDetail provides the ability to write a rule that
> has access
> to both the encoded and decoded versions of the URI, allowing one to
> catch
> spammers' attempts at obfuscating URIs.
>
> I'm closing this bug report because I don't see a bug being reported
> here. If
> you have more questions about implementation, please ask on the
> SpamAssassin
> developers mailing list.
>
>
>
>
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.