[Users] Quoting/escaping shell input within templates

Holger Berndt berndth at gmx.de
Sun Apr 7 14:00:05 CEST 2013

On Fr, 05.04.2013 14:23, Trevor Carey-Smith wrote:

>So, is there a better way to quote the %t field or some other way to do
>what I want?

It depends on what exactly you want, but it's likely that you can
achieve it with the Python plugin.

For example, the following snipped as "compose_any" script will insert
your string at the cursor position:
===== 8< ============================================================
import re
if clawsmail.compose_window.replyinfo:
    headers = []
    if clawsmail.compose_window.replyinfo.To:
        if clawsmail.compose_window.replyinfo.Cc:
    except AttributeError:
    match = re.search('[a-zA-Z]*@mydomain.com', " ".join(headers))
    if match:
        buffer = clawsmail.compose_window.text.get_buffer()
===== 8< ============================================================

That doesn't have shell injection problems. On the other hand, you will
need the latest git version to access the Cc header - used with the
latest released version of the plugin, only the To header will be

You could extend the script to insert the string somewhere else than at
the cursor position, or replace some variable from the template body, or
even use the script instead of the reply template.

I'm aware that this is quite an overkill compared to the template pipe
way of doing things. However, as nobody else had a better answer so
far, I thought I'd mention it.


More information about the Users mailing list