* Yves-Alexis Perez [2018-02-08 20:38:01 +0100]:
> Hi, thanks for the bug report. Can you provide the upstream bug report on
> this? I can't reproduce with:
> notify-send '<like this> &this' on xfce4-notifyd 0.4.1-1 so maybe it's been
> fixed meanwhile.

The upstream bug numbers are #10027 and #14073. Yes, 0.4.1 includes some of
the associated fixes, although as noted in
nothing short of xfce4-notifyd parsing the notification string itself will
actually solve the problem, and this is planned for 0.4.2 at the earliest.

Apparently, only the body is subject to markup interpretation. Try
        notify-send 'markup test' '<like this> &this'
On Debian stretch, this yields:
  xfce4-notifyd[2039]: Failed to set text '<like this> &this' from markup due to error parsing markup: Error on line 1 char 19: Odd character '>', expected a '=' after attribute name 'this' of element 'like'
(and the body isn't shown to the user, only logged).

> First, it's definitely not xfce4-notifyd sending this to syslog. More likely
> it's just output to stdout/stderr and systemd forwards it to journal and the
> syslog.

The systemd unit file is part of this Debian package, and the information is
being disclosed by xfce4-notifyd. That xfce4-notifyd doesn't call syslog()
directly is just an implementation detail as far as I'm concerned.
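
A sender-side mitigation for the behaviour described in this message, as an added example that is not part of the original e-mail or of xfce4-notifyd: escape the body unless it is well-formed markup, so the text is displayed literally instead of being dropped and logged. The names `ALLOWED_TAGS`, `is_safe_markup` and `prepare_body` are hypothetical, the tag set is an assumption, and an XML parser only approximates the daemon's markup parser.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Assumption: tags the receiving daemon is expected to render; adjust per daemon.
ALLOWED_TAGS = {"b", "i", "u"}


def is_safe_markup(body: str) -> bool:
    """True if body is well-formed and uses only ALLOWED_TAGS.

    An XML parser stands in for the daemon's markup parser here; that is
    an approximation, not the daemon's own check.
    """
    try:
        root = ET.fromstring("<body>" + body + "</body>")
    except ET.ParseError:
        return False
    return all(el.tag in ALLOWED_TAGS for el in root.iter() if el is not root)


def prepare_body(body: str) -> str:
    """Return body unchanged if it is safe markup, else as escaped literal text."""
    return body if is_safe_markup(body) else escape(body)


if __name__ == "__main__":
    # Constructed samples; the first is the body string from the message above.
    for sample in ("<like this> &this", "<b>done</b>", "5 < 6"):
        print(repr(sample), "->", repr(prepare_body(sample)))
```

The returned string is what a sender would pass as the body argument, for example as the second argument to notify-send.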

