Open Bug 718419 Opened 13 years ago Updated 3 years ago

Allow more alarm actions (PROCEDURE, AUDIO, ...)

Categories

(Calendar :: Alarms, enhancement)

Tracking

(Not tracked)

People

(Reporter: Yoric, Unassigned)

Details

(Keywords: student-project, Whiteboard: [extension fodder])

I would like to be able to attach an action to an alarm. Possible actions:
- play some sound/music;
- execute a script;
- open a file;
- send an e-mail;
- (current default action) show a reminder on screen.
Assignee: nobody → anto.dominicpaul
> - play some sound/music;
> - execute a script;
> - open a file;
This has been discussed before and it was decided to not add this to Lightning. See Bug 337906.
> - send an e-mail;
See Bug 360799.
(In reply to Stefan Sitter from comment #1)
> > - play some sound/music;
> > - execute a script;
> > - open a file;
>
> This has been discussed before and it was decided to not add this to
> Lightning. See Bug 337906.
Do I understand correctly that this could technically be implemented as an add-on? If so, I think it's even better.
> > - send an e-mail;
>
> See Bug 360799.
Thanks.
(In reply to David Rajchenbach Teller [:Yoric] from comment #2)
> > This has been discussed before and it was decided to not add this to
> > Lightning. See Bug 337906.
>
> Do I understand correctly that this could technically be implemented as an
> add-on? If so, I think it's even better.
Yes, that should be quite possible. The process should be the same as I described in bug 360799. Note that for some of the mentioned actions there are standardized names for the action values (i.e. AUDIO and EMAIL and PROCEDURE) in RFC 5545 and RFC 2445, see http://tools.ietf.org/html/rfc5545#section-8.3.10.
I'm sure you are also aware of possible security issues with PROCEDURE type alarm actions. Especially if you get an email invitation that contains a PROCEDURE alarm. I hope we strip out alarms anyway, but just so you know.
Summary: Attach actions to alarms → Allow more alarm actions (PROCEDURE, AUDIO, ...)
Whiteboard: [extension fodder]
(In reply to Philipp Kewisch [:Fallen] from comment #3)
> I'm sure you are also aware of possible security issues with PROCEDURE type
> alarm actions. Especially if you get an email invitation that contains a
> PROCEDURE alarm. I hope we strip out alarms anyway, but just so you know.
I actually am not. But there is no UI for this, is there?
The "PROCEDURE" value for the "ACTION" property has been deprecated in RFC 5545. Some more quotes:
Chapter 3.5 Security Considerations:
[...] The "VALARM" calendar component can be of type PROCEDURE and can have an attachment containing some sort of executable program. Implementations that incorporate these types of alarms are subject to any virus or malicious attack that might occur as a result of executing the attachment.
Chapter 4.6.6 Alarm Component
[...] "Calendar User Agents" that receive an iCalendar object with this category of alarm, can disable or allow the "Calendar User" to disable, or otherwise ignore this type of alarm. While a very useful alarm capability, the PROCEDURE type of alarm SHOULD be treated by the "Calendar User Agent" as a potential security risk.
Maybe one of the reasons why it was decided to not implement this in Lightning.
Yeah, security issues as Stefan already mentioned. To give an example, let's assume you get a prepared invitation (maybe spam) that attempts to use JavaScript to either trick you into entering your password or even gets chrome privs and just silently sends back some info. Given this stays an extension, it won't do much harm to Lightning itself, but instead the extension might get some negative reviews :-)
Good point. I suspect that we can simply inform the user that this invitation contains a program and can possibly damage the computer, etc.
Another interesting thing that would make a good addition to Lightning core is that if Thunderbird shows the Junk/Scam bars, the invitation bar is not shown at all.
Assignee: anto.dominicpaul → nobody
Severity: normal → S3
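
The stripping of alarms from received invitations that the thread hopes for, sketched as an added example (not part of the bug thread and not Lightning code): it unfolds the iCalendar text, then drops every VALARM whose ACTION is not on an allowlist. The function names and the DISPLAY-only policy are assumptions, and the sample invitation is constructed.

```javascript
// Added example; sanitizeInvitation and ALLOWED_ACTIONS are hypothetical names, not Lightning APIs.
// Assumed policy: only DISPLAY alarms survive in an invitation received from outside.
const ALLOWED_ACTIONS = new Set(["DISPLAY"]);

// RFC 5545 line folding: a line break followed by a space or tab continues the previous line.
function unfold(ics) {
  return ics.replace(/\r?\n[ \t]/g, "").split(/\r?\n/).filter((l) => l !== "");
}

function sanitizeInvitation(ics) {
  const kept = [];
  const removed = [];
  let alarm = null; // lines of the VALARM being read, or null outside one
  let action = null; // its ACTION value, upper-cased
  for (const line of unfold(ics)) {
    const upper = line.toUpperCase();
    if (alarm === null) {
      if (upper === "BEGIN:VALARM") { alarm = [line]; action = null; }
      else kept.push(line);
      continue;
    }
    alarm.push(line);
    // Property names are case-insensitive and may carry parameters (ACTION;X-P=1:VALUE).
    const m = /^ACTION(?:;[^:]*)?:(.*)$/i.exec(line);
    if (m) action = m[1].trim().toUpperCase();
    if (upper === "END:VALARM") {
      // Fail closed: a missing or unknown ACTION is removed, not passed through.
      if (action !== null && ALLOWED_ACTIONS.has(action)) kept.push(...alarm);
      else removed.push(action === null ? "(none)" : action);
      alarm = null;
    }
  }
  // A VALARM that never closes is dropped as well.
  if (alarm !== null) removed.push("(unterminated)");
  return { ics: kept.join("\r\n") + "\r\n", removed };
}

// Constructed sample invitation; UID and ATTACH values are placeholders.
const SAMPLE = [
  "BEGIN:VCALENDAR", "VERSION:2.0", "METHOD:REQUEST", "BEGIN:VEVENT",
  "UID:constructed-1@example.invalid", "SUMMARY:Status meeting",
  "BEGIN:VALARM", "ACTION:DISPLAY", "TRIGGER:-PT15M", "DESCRIPTION:Reminder", "END:VALARM",
  "BEGIN:VALARM", "action:PROCE", " DURE", "TRIGGER:-PT5M",
  "ATTACH:file:///placeholder/path", "END:VALARM",
  "BEGIN:VALARM", "ACTION:AUDIO", "TRIGGER:-PT1M", "END:VALARM",
  "END:VEVENT", "END:VCALENDAR",
].join("\r\n") + "\r\n";

console.log(sanitizeInvitation(SAMPLE).removed);
```

Matching on the unfolded text is what catches the second alarm, whose ACTION value is split across a folded line and written in lower case.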