Date | Commit message (Collapse) |
|
Otherwise, URLs can be crafted to inject HTML.
|
|
Oops, pesky users of single-character email addresses!
|
|
Wow, I don't know crypto at all.
|
|
Fixup a comment about s/query string/PATH_INFO/ while
we're at it, as pre-published versions of this used
query strings before I determined it could be harder
to copy+paste URLs with query parameters in them.
|
|
While public-inbox is intended primarily for archival,
SMTP list subscriptions are still in use in most places
and users are likely to want a good unsubscribe mechanism.
HTTP (or HTTPS) links in the List-Unsubscribe header are
often preferable since some users may use an incorrect
email address for mailto: links.
Thus, it is useful to provide an example which generates an
HTTPS link for users to click on. The default .psgi requires
a POST confirmation (as destructive actions with GET are
considered bad practice). However, the "confirm" parameter
may be disabled for a true "one-click" unsubscribe.
The generated URLs are hopefully short enough and both shell
and highlighting-friendly to reduce copy+paste errors.
|