[Dovecot] Allowing clients to test their Sieve scripts

Frerich Raabe raabe at froglogic.com
Sat Jun 15 04:03:09 EEST 2013


On Jun 14, 2013, at 10:11 AM, Ben Johnson <ben at indietorrent.org> wrote:
> It seems as though the only truly reliable method would be to validate
> the scripts in consideration of your own environment. As you suggested,
> a simple Web form (ideally, one that requires authentication) into which
> users can paste scripts and email bodies would do the job. The form
> inputs can then be passed to sieve-test. Needless to say, the form
> inputs should be escaped very carefully to prevent arbitrary code from
> being executed on your system.

I just re-read your mail, and I must admit I don't understand one
part: why would I need authentication? I was thinking of just serving
a HTML form via https which expects you to pass a sample mail and a
Sieve script, and when submitting that sieve-test is executed and
you see the result.

I suppose you were thinking of a different usage, something like - a
user logs in with his IMAP credentials, uploads a random mail and then
the web server uses the Sieve script which is currently active?

Frerich Raabe - raabe at froglogic.com
www.froglogic.com - Multi-Platform GUI Testing

More information about the dovecot mailing list