The Mutt E-Mail Client : Mutt's MIME Support : MIME Viewer configuration with mailcap : Secure use of mailcap

5.3.2. Secure use of mailcap

The interpretation of shell meta-characters embedded in MIME parameters can lead to security problems in general. Mutt tries to quote parameters properly when it expands %s and the other %-expandos, and avoids risky characters by substituting them; see the mailcap_sanitize variable.

Although Mutt's own procedures for invoking programs through mailcap appear to be safe, other applications also parse mailcap files and may take less care. You should therefore pay attention to the following rules:

Keep the %-expandos away from shell quoting. Don't quote them with single or double quotes: Mutt does this for you, the right way, as should any other program which interprets mailcap. Don't put them into backtick expansions. Be highly careful with eval statements, and avoid them entirely if at all possible. Trying to fix broken behaviour with quotes only introduces new leaks; there is no alternative to correct quoting in the first place.

If you have to use the value of a %-expando in a context where you need quoting or backtick expansion, assign that value to a shell variable first and reference the shell variable where necessary, as in the following example (using $charset inside the backtick expansion is safe, since the variable's value is not itself subject to any further expansion):

text/test-mailcap-bug; cat %s; copiousoutput; test=charset=%{charset} \
        && test "`echo $charset | tr '[A-Z]' '[a-z]'`" != iso-8859-1
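The following shell script is an added example, not part of the Mutt manual or of Mutt's own code. It exercises the two rules above: the test= command from the entry is rewritten as a function that receives the expando value the way Mutt passes it (already substituted into the command line) and touches it only through a shell variable, so a value carrying shell meta-characters stays literal text; a second function is a rough model of what mailcap_sanitize does before expansion (the exact safe character set is an assumption here, not Mutt's list); and a third function is a heuristic lint that flags a mailcap entry whose %s, %t or %{...} expando sits inside single quotes, double quotes or backticks. The character-set values in the test are constructed.

```shell
#!/bin/sh
# Added example for the "Secure use of mailcap" rules; not Mutt's code.

# Lowercase a charset value the safe way: the value arrives as an argument
# (as Mutt substitutes %{charset} into the command line), is stored in a
# variable, and only the variable is used inside the backtick expansion.
# The result of expanding $charset is not re-parsed for backticks or $( ),
# so meta-characters inside the value remain literal text.
lowercase_charset() {
    charset=$1
    echo "$charset" | tr 'A-Z' 'a-z'
}

# Model of the entry's test= command: returns 0 (run the viewer) when the
# charset is anything other than iso-8859-1, 1 otherwise.
charset_needs_viewer() {
    charset=$1
    test "`lowercase_charset "$charset"`" != iso-8859-1
}

# Rough model of mailcap_sanitize (assumed behaviour for this example):
# every character outside a conservative safe set is replaced by '_'.
# The real safe set used by Mutt may differ.
sanitize_expando() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_.@+:,/-' '_'
}

# Heuristic lint for one logical mailcap entry: returns 1 if a %-expando
# appears between single quotes, double quotes or backticks (the patterns
# the manual says to avoid), 0 if the entry looks clean. Quotes that are
# themselves unbalanced can produce false positives; treat a hit as a
# prompt to inspect the entry, not as proof of a problem.
mailcap_entry_is_clean() {
    entry=$1
    if printf '%s\n' "$entry" | grep -Eq "'[^']*%[st{][^']*'"; then
        return 1
    fi
    if printf '%s\n' "$entry" | grep -Eq "\"[^\"]*%[st{][^\"]*\""; then
        return 1
    fi
    if printf '%s\n' "$entry" | grep -Eq '`[^`]*%[st{][^`]*`'; then
        return 1
    fi
    return 0
}

# Stand-alone demonstration with constructed values.
if [ "${MAILCAP_EXAMPLE_QUIET:-}" = "" ]; then
    for cs in 'ISO-8859-1' 'UTF-8' 'UTF-8 `true`'; do
        if charset_needs_viewer "$cs"; then
            printf 'charset %s -> viewer runs (seen as: %s)\n' "$cs" "`lowercase_charset "$cs"`"
        else
            printf 'charset %s -> viewer skipped\n' "$cs"
        fi
    done
    printf 'sanitized: %s\n' "`sanitize_expando 'UTF-8;x'`"
fi
```

The entry from the manual itself passes mailcap_entry_is_clean, because its %s and %{charset} appear outside of all quotes and backticks; an entry such as `text/html; lynx -dump '%s'` does not. Set MAILCAP_EXAMPLE_QUIET to any value to load the functions without printing the demonstration.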
