On Sat, 06 Oct 2007 12:43:16 EDT, "Geo." said:
> If the application is what exposes the URI handling routine to untrusted
> code from the internet, then it's the application's job to make sure that
> code is trusted before exposing system components to its commands, no?

I think that given a system service that says "I will handle a mailto: URI",
that a programmer can *reasonably* expect the following:

1) That it will be handed to a program that actually does e-mail, and not
a calculator. calc.exe hasn't *yet* followed the programming aphorism that
every program grows until it can read e-mail.

2) That said program can protect itself against overtly malicious input.

"When people pop a chocky in their mouth, they don't expect steel bolts to
spring out and pierce their cheeks" -- Monty Python.