From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Lars Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: master ce63f91025: Add textsec functions for verifying email
 addresses
Date: Thu, 20 Jan 2022 13:46:24 +0100
Message-ID: <87r1921snz.fsf@gnus.org>
References: <164250841214.433.17670666873471731764@vcs2.savannah.gnu.org>
 <20220118122012.7A3A4C0DA1B@vcs2.savannah.gnu.org>
 <87ee555fy8.fsf@yahoo.com> <8335lkvqas.fsf@gnu.org>
 <871r127pzl.fsf@gnus.org> <83czkmrbha.fsf@gnu.org>
 <87ee524u0j.fsf@gnus.org> <838rvar9n0.fsf@gnu.org>
 <874k5y3brg.fsf@gnus.org> <834k5yr6fv.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="36775"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)
Cc: luangruo@yahoo.com, emacs-devel@gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Jan 20 20:33:59 2022
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1nAdC2-0009M1-A2
	for ged-emacs-devel@m.gmane-mx.org; Thu, 20 Jan 2022 20:33:58 +0100
Original-Received: from localhost ([::1]:45392 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1nAdC1-0002Ss-9e
	for ged-emacs-devel@m.gmane-mx.org; Thu, 20 Jan 2022 14:33:57 -0500
Original-Received: from eggs.gnu.org ([209.51.188.92]:45098)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <larsi@gnus.org>) id 1nAWpl-0006Aw-TH
 for emacs-devel@gnu.org; Thu, 20 Jan 2022 07:46:38 -0500
Original-Received: from [2a01:4f9:2b:f0f::2] (port=38744 helo=quimby.gnus.org)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <larsi@gnus.org>)
 id 1nAWpk-0001MS-BG; Thu, 20 Jan 2022 07:46:33 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnus.org;
 s=20200322; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID
 :In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=H/zJ3e146N8PwVITIpjRyCiAUy26OdDcNcBSie6pGDI=; b=VoYb+G8G/it0gJKMvOdlRqHIqv
 7UWDzajYex48i2n1IIwjxFRZv8IQEqUZfxU2OSfFQlZqNHS8qISz27koHJ4NBPPiAzLc5c4S7HwaA
 oQkK2C6grxwnTOsxLpO5ag4Q/LijfbPuTUBrNnLWg6RL7ajGo3QfuSnwQET6yQchUQGQ=;
Original-Received: from [84.212.220.105] (helo=giant)
 by quimby.gnus.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <larsi@gnus.org>)
 id 1nAWpd-0005gE-1I; Thu, 20 Jan 2022 13:46:27 +0100
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwAgMAAAAqbBEUAAAABGdBTUEAALGPC/xhBQAAACBj
 SFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAADFBMVEXYvrCyd2Q2HiP/
 ///sZlnNAAAAAWJLR0QDEQxM8gAAAAd0SU1FB+YBFAwsHiT2FO4AAAF2SURBVCjPPZLNauMwFIWP
 SpRFVhlwAs3TyAV7MSsVfA3xuilET9G+QQaqQL3KYmTq+5RzJGfijfX5nPvjq4uVBRxWMA4dHsct
 LHpVHVRnvj6x0cdzwZOmcxoGLUqrx+n6XeAD63GMGt8zfOHl/fuqaVps/cDDnI7nwATrkugUbmvC
 Sz4nrxeTE/Ac5Zc2ZrHN4jazNRpZR1W8/bHm8ImD6igdzsAh28ZrPIkQPmhrJg3JAcFREbY/XayZ
 PSHmX0oib5Y2GQoc+dN7laAaYi8r5BgK7QKt5pBW2uiyciU0somu4gxGdvcsv8WZMiomSINkWwqZ
 5hMbxNNXAf2Twcoywdj47QOk8Rb1AjMss+3+ww45JpTZmnw7tYRSytaLwpFO6oyvYOSQm7vxs8Gr
 DKlcVL7K3QJU4Gnr5zsY1H4/s7u/QMWwbq8EDs52qLs+KzfuQg2R/m7jdqwJwwIURfQOwLYyxvlq
 ZeBY575DLGnhXJe3zG+p/QPmJduKBeYB6wAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMi0wMS0yMFQx
 Mjo0NDozMCswMDowMOv8P8sAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjItMDEtMjBUMTI6NDQ6MzAr
 MDA6MDCaoYd3AAAAAElFTkSuQmCC
X-Now-Playing: Cristina's _Cristina_: "La =?utf-8?Q?Poup=C3=A9e?= Qui Fait Non"
In-Reply-To: <834k5yr6fv.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 20 Jan
 2022 13:29:40 +0200")
X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a01:4f9:2b:f0f::2 (failed)
Received-SPF: pass client-ip=2a01:4f9:2b:f0f::2; envelope-from=larsi@gnus.org;
 helo=quimby.gnus.org
X-Spam_score_int: -35
X-Spam_score: -3.6
X-Spam_bar: ---
X-Spam_report: (-3.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, RDNS_NONE=0.793, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:285050
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/285050>

Eli Zaretskii <eliz@gnu.org> writes:

> The problem is that the answer to that question depends on the
> following text.  E.g., if RIGHT-TO-LEFT OVERRIDE is followed by R2L
> characters, they will not be affected.

Yes.  But it's certainly suspicious to have such dangling control
characters in a string, which is what we're wondering about.

> We could try appending some representative text to the string being
> tested, of course.  For example, append a fixed string like this:
>
>    a1=D7=90:!
>
> and see if the function returns non-nil position that points to one of
> those characters; if so, consider the original string "unsafe".
>
> Would that be good enough for textsec purposes?

Sounds good to me.  It should probably be baked into its own utility
function, so that other people that wonder about strings they have
doesn't have to know anything about these things.

--=20
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no