From: Paul Eggert <eggert@cs.ucla.edu>
To: Eli Zaretskii <eliz@gnu.org>
Cc: Noam Postavsky <npostavs@users.sourceforge.net>, emacs-devel@gnu.org
Subject: Re: Change of Lisp syntax for "fancy" quotes in Emacs 27?
Date: Sat, 6 Oct 2018 08:51:18 -0700 [thread overview]
Message-ID: <5ebde087-561e-c71a-0840-d99626c02dcf@cs.ucla.edu> (raw)
In-Reply-To: <83k1mv1j1b.fsf@gnu.org>
Eli Zaretskii wrote:
> I agree that viewing ELisp code outside of Emacs is a valid use case.
> But I don't think a backslash before these non-ASCII quotes will
> significantly lower the confusion potential when those characters are
> used in the source.
I don't follow. If someone writes '(let ((foo\ bar)) baz)' then a human reader
is put immediately and obviously on notice that there's something odd about that
code. We already require a backslash for that ordinary space (U+0020); why not
also require it for EN SPACE (U+2002)? That will significantly lower confusion here.
The point is not to distinguish 'foo\ bar' (with ordinary space) from 'foo\ bar'
(with en space); the point is to distinguish both from the 'foo bar' (two
identifiers) that a reader would ordinarily expect here, because that's the main
way a malicious hacker could confuse even experienced reviewers.
> Basically, there's a contradiction here between our desire not to
> confuse relatively inexperienced users of ELisp and help them avoid
> problems which might be hard to figure out, and our desire not to
> annoy experienced users.
That's not the point I was making. I'm an experienced Elisp user, and I am
*extremely annoyed* (to put it mildly) that malicious users can put one over on
us by using characters that look like spaces, or parentheses, or whatever,
characters that are not what they look like. This has nothing to do with
confusing inexperienced users. I *really want* Elisp to be relatively immune to
this problem, at least for programs that I help maintain. And I don't want the
immunity to work only when I'm using Emacs on a nice display: I often read code
with Emacs highlighting unavailable or turned off, or without using Emacs at all.
At the very least there should be an option whereby the Emacs source code itself
is routinely verified to be free of confusable characters in identifiers, to
help prevent malicious code from sneaking into Emacs itself. Even if we give
users the ability to let others shoot them, we should at least improve our own
defenses.
> I don't see how
> we can be harsh to uses of these characters without actually
> prohibiting their use in symbols.
I already gave one proposal for doing just that: require that characters
confusable with ASCII be escaped. Initially we can merely warn about any
unescaped confusables; as long as the warning is prominent enough that should be
OK for starters. This proposal does not prohibit their use in symbols, as one
can simply escape the characters.
There are other ways to skin this cat as well. We should be heading in this
direction, not removing the (admittedly inadequate) protection we already have.
next prev parent reply other threads:[~2018-10-06 15:51 UTC|newest]
Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-02 22:24 Change of Lisp syntax for "fancy" quotes in Emacs 27? Noam Postavsky
2018-02-02 22:52 ` Paul Eggert
2018-02-03 0:00 ` Drew Adams
2018-02-03 0:09 ` Paul Eggert
2018-02-03 0:39 ` Drew Adams
2018-02-03 8:33 ` Eli Zaretskii
2018-02-03 16:16 ` Drew Adams
2018-02-03 17:05 ` Eli Zaretskii
2018-02-04 1:16 ` Michael Heerdegen
2018-02-04 1:25 ` Clément Pit-Claudel
2018-02-04 2:05 ` Drew Adams
2018-02-04 2:06 ` Michael Heerdegen
2018-02-04 10:34 ` Alan Third
2018-02-04 15:36 ` Clément Pit-Claudel
2018-02-04 17:37 ` Eli Zaretskii
2018-02-04 21:31 ` Noam Postavsky
2018-02-04 11:15 ` Alan Mackenzie
2018-02-04 15:54 ` Drew Adams
2018-02-04 14:47 ` Noam Postavsky
2018-02-04 1:55 ` Drew Adams
2018-02-04 2:10 ` Noam Postavsky
2018-02-05 1:06 ` Why "symbol's value" error about a list? Richard Stallman
2018-02-05 20:35 ` Alan Mackenzie
2018-02-05 21:46 ` Drew Adams
2018-02-06 4:13 ` Eli Zaretskii
2018-02-06 7:32 ` Tim Cross
2018-02-06 7:40 ` Eli Zaretskii
2018-02-06 15:45 ` Drew Adams
2018-02-06 15:45 ` Drew Adams
2018-02-06 19:17 ` Eli Zaretskii
2018-02-06 14:51 ` Richard Stallman
2018-02-06 11:27 ` Noam Postavsky
2018-02-06 14:53 ` Richard Stallman
2018-02-06 18:59 ` Eli Zaretskii
2018-02-07 2:40 ` Richard Stallman
2018-02-07 3:42 ` Eli Zaretskii
2018-02-06 18:52 ` Eli Zaretskii
2018-02-05 1:06 ` Change of Lisp syntax for "fancy" quotes in Emacs 27? Richard Stallman
2018-02-03 18:13 ` Aaron Ecay
2018-02-04 2:05 ` Drew Adams
2018-02-04 4:51 ` Paul Eggert
2018-02-04 9:47 ` Andreas Schwab
2018-02-04 15:04 ` Noam Postavsky
2018-02-04 17:33 ` Eli Zaretskii
2018-02-04 19:36 ` Paul Eggert
2018-02-04 19:55 ` Philipp Stephani
2018-02-04 20:10 ` Eli Zaretskii
2018-02-04 20:36 ` Eli Zaretskii
2018-02-04 20:48 ` Paul Eggert
2018-02-04 20:59 ` Clément Pit-Claudel
2018-10-05 0:03 ` Noam Postavsky
2018-10-05 1:01 ` Paul Eggert
2018-10-05 8:43 ` Eli Zaretskii
2018-10-05 23:02 ` Paul Eggert
2018-10-06 0:20 ` Drew Adams
2018-10-06 9:14 ` Alan Mackenzie
2018-10-06 14:34 ` Stefan Monnier
2018-10-06 14:57 ` Drew Adams
2018-10-06 15:42 ` Garreau, Alexandre
2018-10-06 16:10 ` Paul Eggert
2018-10-06 16:17 ` Paul Eggert
2018-10-07 1:13 ` Drew Adams
2018-10-08 3:51 ` Richard Stallman
2018-10-06 10:11 ` Eli Zaretskii
2018-10-06 15:51 ` Paul Eggert [this message]
2018-10-06 16:45 ` Eli Zaretskii
2018-10-06 18:03 ` Paul Eggert
2018-10-06 18:29 ` Eli Zaretskii
2018-10-06 19:18 ` Paul Eggert
2018-10-06 19:30 ` Paul Eggert
2018-10-06 19:32 ` Garreau, Alexandre
2018-10-06 11:22 ` Garreau, Alexandre
2018-10-06 11:50 ` Eli Zaretskii
2018-10-06 12:10 ` Garreau, Alexandre
2018-10-06 14:00 ` Eli Zaretskii
2018-10-24 22:25 ` Noam Postavsky
2018-10-06 13:15 ` Unicode security-issues workarounds elsewhere [Was: Re: Change of Lisp syntax for "fancy" quotes in Emacs 27?] Garreau, Alexandre
2018-10-06 14:01 ` Eli Zaretskii
2018-10-06 16:24 ` Change of Lisp syntax for "fancy" quotes in Emacs 27? Paul Eggert
2018-10-06 16:40 ` Stefan Monnier
2018-10-09 14:43 ` Noam Postavsky
2018-10-09 15:30 ` Paul Eggert
2018-10-09 16:13 ` Eli Zaretskii
2018-10-09 17:07 ` Paul Eggert
2018-10-09 19:18 ` Andreas Schwab
2018-10-10 9:39 ` Aaron Ecay
2018-10-10 11:18 ` Garreau, Alexandre
2018-10-10 14:31 ` Eli Zaretskii
2018-10-10 15:18 ` Eli Zaretskii
2018-10-10 15:43 ` Drew Adams
2018-10-10 16:08 ` Yuri Khan
2018-10-15 20:30 ` Juri Linkov
2018-10-10 3:58 ` Richard Stallman
2018-10-10 3:57 ` Richard Stallman
2018-10-10 14:41 ` Eli Zaretskii
2018-10-11 5:01 ` Richard Stallman
2018-10-06 15:40 ` eval-last-sexp / C-x C-e, and punctuation like `?’' [Was: Re: Change of Lisp syntax for "fancy" quotes in Emacs 27?)] Garreau, Alexandre
2018-10-16 12:48 ` Change of Lisp syntax for "fancy" quotes in Emacs 27? Garreau, Alexandre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5ebde087-561e-c71a-0840-d99626c02dcf@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=npostavs@users.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).