This restriction does not seem to be true.Comments are ignored; they can be placed only at the beginning of a line...
Test case:
Yahoo Classic Mail requires a separate code object to download attachments, which must be TA'd in NS Blocked Objects menu, > page reload, etc. PITA.
Solution: ABE rule:
Code: Select all
#Yahoo mail attachment rule
Site *@http://mud.attach.mail.yahoo.com *@http://*.attach.mail.ymail.com/*
Accept from .mail.yahoo.com
Deny Test the comment restriction:
Navigate away, or close/restart browser, and modify ABE rule as follows:
Code: Select all
#Yahoo mail attachment rule
Site *@http://mud.attach.mail.yahoo.com *@http://*.attach.mail.ymail.com/* #some comment
Accept from .mail.yahoo.com # some other comment
Deny #lorem ipsumExpected result: Field turns red, indicating syntax error, and box pops up to notify of syntax error X on line Y.
Actual result: Field remains black; no syntax error message.
Go to Classic Yahoo mail and attempt to download an attachment with the above modified rule.
Expected result, per the Rules on comments: Should break the rule, thus requiring manual TA of blocked object the same as without ABE.
Actual result: Attachment downloads without further permissions or problems.
Conclusion: Apparently, comments may be placed on the same line as rule items, not just at the beginning of a line, and need not be the only text on the line.
Any non-Yahoo-Mail-users who want to reproduce this can get a Yahoo mail account for free. Sending yourself an attachment should be sufficient to test.
Giorgio?
_______________
Additional general info that may be useful to Yahoo Mail users:
The second "Site" entry,
Code: Select all
*@http://*.attach.mail.ymail.com/*This new domain does not always use the 5th-level domain of "mud" (Mail Upload/Download?), but uses various others that may or may not indicate some location or region, or possibly just for load-balancing on the servers.
Therefore, the wildcard was added to the ymail domain.
(Doesn't seem to be necessary on the mail.yahoo.com domain.)
Some time ago, code objects were required for uploads as well, but recently, they seem to work fine without additional Blocked Object permissions.
Yahooapis.com is not required for any of this, although it's required for some other functions, such as editing Contacts, user status, IM, etc.
My whitelist does not include the entire yahoo.com and yimg.com domains, but only mail.yahoo.com and mail.yimg.com, as I don't use scripting at the other services -- News, Finance, etc. -- very often. Your needs may vary.
