On Sun, Feb 05, 2017 at 05:37:42PM -0800, daltong defourne wrote:
> Hi!
> Working with lots of non-English text and sites now. The substitution thing
> is becoming a bit too much to bear.
>
> How dangerous would using allow_utf8_titles be?
> Are risks limited to homographs or is there a risk of something fancier
> happening, like, I dunno, a GUI-daemon exploit (hypothetically)?

It's mostly about an (unknown) attack vector on the window manager - title
rendering and such. As we know from the Apple world, strange things may
happen here.

> Is there any sanitizing happening if allow_utf8_titles is activated?

Yes, we do verify that the title is a correct UTF-8 sequence. Also, ASCII
control characters are still disallowed. But nothing more.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?