From: Stas Z <sta...@gm...> - 2005-09-18 07:13:50
As of this moment the contacts support seems broken due to a change in Gmail.
I suspect they have a cron job for changing the pages at random just for fun :-/

On 9/18/05, Andrew Lin <one...@gm...> wrote:
> Hi Stas et al.,
>
> I've subscribed myself to gmailagent-devel, so you won't need to cc me anymore.
>
> 1. A good point. The reason I wanted this functionality is that gmail
> is my primary email system (in fact, the only other one I use is
> Outlook/Exchange, against my will...) and as such I wanted to keep my
> primary address book in the same place. I don't know how many other
> people are in that boat.

Ok, so there's a need for extended contacts.

> 2. An optimization you could look at is not reading a contact in full
> (i.e., in your case calling _getSpecInfo()) if you can tell that the
> notes field is empty. I guess there may be corner cases (what happens
> if the first line of notes is blank?) to investigate; I'm sure that
> that won't happen in my personal address book, so I didn't bother
> checking before putting this in my module.

I think we could use the 'old' notes retrieval and use the full notes as
an option with a time delay.

> 3. I actually believe my code is safer. I tried for some time to
> break out of the restricted evaluation mode you get by setting
> __builtins__ to None, to no avail. Furthermore, I'm fairly sure that
> even if you could get out of that with carefully constructed code, it
> would require Google programmers to deliberately inject that code into
> their returned Javascript to exploit it.

You're probably right, I must confess I forgot that our parser uses unsafe
stuff :-(

> On the other hand, since you got me to thinking about it, I think I
> can show how libgmail's parser is currently unsafe. Because I'm not
> sure how serious a security hole this is, I'll send details to Stas
> and await his approval to mail the list.

Thanks, I will forward it to Waseem too.
@Waseem, it's a security risk indeed :-(

Stas

-- 
A nation that continues year after year to spend more money on military
defense than on programs of social uplift is approaching spiritual doom.
Martin Luther King, Jr.