From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: charles@aurox.ch (Charles A. Roelli) Newsgroups: gmane.emacs.bugs Subject: bug#28350: enriched.el code execution Date: Wed, 06 Sep 2017 21:25:18 +0200 Message-ID: References: NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1504725988 3993 195.159.176.226 (6 Sep 2017 19:26:28 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 6 Sep 2017 19:26:28 +0000 (UTC) To: 28350@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Sep 06 21:26:19 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dpfxh-00009z-PV for geb-bug-gnu-emacs@m.gmane.org; Wed, 06 Sep 2017 21:26:10 +0200 Original-Received: from localhost ([::1]:37565 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dpfxo-0000XF-K3 for geb-bug-gnu-emacs@m.gmane.org; Wed, 06 Sep 2017 15:26:16 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:40884) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dpfxf-0000Vg-Kg for bug-gnu-emacs@gnu.org; Wed, 06 Sep 2017 15:26:12 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dpfxa-0008EY-TB for bug-gnu-emacs@gnu.org; Wed, 06 Sep 2017 15:26:07 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:44707) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dpfxa-0008EJ-MQ for bug-gnu-emacs@gnu.org; Wed, 06 Sep 2017 15:26:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dpfxa-0001lo-88 for bug-gnu-emacs@gnu.org; Wed, 06 Sep 2017 15:26:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: charles@aurox.ch (Charles A. Roelli) Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 06 Sep 2017 19:26:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28350 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 28350-submit@debbugs.gnu.org id=B28350.15047259406773 (code B ref 28350); Wed, 06 Sep 2017 19:26:02 +0000 Original-Received: (at 28350) by debbugs.gnu.org; 6 Sep 2017 19:25:40 +0000 Original-Received: from localhost ([127.0.0.1]:53388 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dpfxE-0001lB-0A for submit@debbugs.gnu.org; Wed, 06 Sep 2017 15:25:40 -0400 Original-Received: from sinyavsky.aurox.ch ([37.35.109.145]:52201) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dpfxC-0001ky-4v for 28350@debbugs.gnu.org; Wed, 06 Sep 2017 15:25:38 -0400 Original-Received: from sinyavsky.aurox.ch (sinyavsky.aurox.ch [127.0.0.1]) by sinyavsky.aurox.ch (Postfix) with ESMTP id D610D22526 for <28350@debbugs.gnu.org>; Wed, 6 Sep 2017 19:19:27 +0000 (UTC) Authentication-Results: sinyavsky.aurox.ch (amavisd-new); dkim=pass (1024-bit key) reason="pass (just generated, assumed good)" header.d=aurox.ch DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aurox.ch; h= references:subject:subject:in-reply-to:to:from:from:message-id :date:date; s=dkim; t=1504725566; x=1505589567; bh=1TxvlKXXwcOL+ RuEN95K7YivSAyzMIaygH9HJmW3dmc=; b=f4TztJDYz0KP4cl8vhBFA8epz3753 kF7gWL9qFW7zmdyltps9Axm+J1SBh3MN9fUBvJe6rIJRyJrRmgq27RsVbs9J7Msc 0URoSYSy9WQ58evhUCTKcaPIhb+e4sQWVWIQhzbyrhT3GgL86XEZJFAMrLEWzYIH vrv1c6yTi0gvLQ= X-Virus-Scanned: Debian amavisd-new at test.virtualizor.com Original-Received: from sinyavsky.aurox.ch ([127.0.0.1]) by sinyavsky.aurox.ch (sinyavsky.aurox.ch [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id r16unYIo5wOH for <28350@debbugs.gnu.org>; Wed, 6 Sep 2017 19:19:26 +0000 (UTC) Original-Received: from gray (125.85.192.178.dynamic.wline.res.cust.swisscom.ch [178.192.85.125]) by sinyavsky.aurox.ch (Postfix) with ESMTPSA id 843E92250D for <28350@debbugs.gnu.org>; Wed, 6 Sep 2017 19:19:26 +0000 (UTC) In-reply-to: (charles@aurox.ch) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:136648 Archived-At: If anyone wants a fix to apply locally, the following s-expression prevents the display parameter from being used by Enriched mode (tested in Emacs 23+): (eval-after-load "enriched" '(defun enriched-decode-display-prop (start end &optional param) (list start end))) As for a fix to apply to master: I'd like to keep "x-display" if we can agree on some "safe" predicate that the given parameter would have to satisfy. Looking at the list of display specifications that are available, it seems that simple string, margin text, space-width, height (only in the (+ n), (- n) and n cases) and raise specifications should be okay. Does anybody else have an opinion about this?