From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#28350: enriched.el code execution Date: Thu, 07 Sep 2017 05:34:34 +0300 Message-ID: <837exb1bk5.fsf@gnu.org> References: Reply-To: Eli Zaretskii NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1504751718 23789 195.159.176.226 (7 Sep 2017 02:35:18 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 7 Sep 2017 02:35:18 +0000 (UTC) Cc: 28350@debbugs.gnu.org To: charles@aurox.ch (Charles A. Roelli) Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Sep 07 04:35:08 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dpmen-0005fH-Rw for geb-bug-gnu-emacs@m.gmane.org; Thu, 07 Sep 2017 04:35:05 +0200 Original-Received: from localhost ([::1]:38625 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dpmev-00012m-3f for geb-bug-gnu-emacs@m.gmane.org; Wed, 06 Sep 2017 22:35:13 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44856) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dpmep-00011S-8Z for bug-gnu-emacs@gnu.org; Wed, 06 Sep 2017 22:35:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dpmek-0007qx-CV for bug-gnu-emacs@gnu.org; Wed, 06 Sep 2017 22:35:07 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:44993) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dpmek-0007qa-9w for bug-gnu-emacs@gnu.org; Wed, 06 Sep 2017 22:35:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dpmek-0003Pa-3t for bug-gnu-emacs@gnu.org; Wed, 06 Sep 2017 22:35:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 07 Sep 2017 02:35:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28350 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 28350-submit@debbugs.gnu.org id=B28350.150475168413085 (code B ref 28350); Thu, 07 Sep 2017 02:35:02 +0000 Original-Received: (at 28350) by debbugs.gnu.org; 7 Sep 2017 02:34:44 +0000 Original-Received: from localhost ([127.0.0.1]:53674 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dpmeR-0003Oz-NP for submit@debbugs.gnu.org; Wed, 06 Sep 2017 22:34:43 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:53600) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dpmeP-0003Om-HK for 28350@debbugs.gnu.org; Wed, 06 Sep 2017 22:34:41 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dpmeF-0007Rf-Jj for 28350@debbugs.gnu.org; Wed, 06 Sep 2017 22:34:36 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36801) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dpmeF-0007RX-Fz; Wed, 06 Sep 2017 22:34:31 -0400 Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:1491 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dpmeE-0004JZ-TX; Wed, 06 Sep 2017 22:34:31 -0400 In-reply-to: (charles@aurox.ch) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:136656 Archived-At: > Date: Wed, 06 Sep 2017 21:25:18 +0200 > From: charles@aurox.ch (Charles A. Roelli) > > As for a fix to apply to master: I'd like to keep "x-display" if we > can agree on some "safe" predicate that the given parameter would have > to satisfy. Looking at the list of display specifications that are > available, it seems that simple string, margin text, space-width, > height (only in the (+ n), (- n) and n cases) and raise specifications > should be okay. Does anybody else have an opinion about this? I agree that the cases you have shown are safe. Thanks.