-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, Feb 05, 2017 at 05:37:42PM -0800, daltong defourne wrote: > Hi! > Working with lots of non-english text and sites now. The substitution thing > is becoming a bit too much to bear. > > How dangerous would using allow_utf8_titles be? > Are risks limited to homographs or is there a risk of something fancier > happening, like, I dunno, GUI-daemon exploit (hypothetically) ?
It's mostly about (unknown) attack vector on window manager - title rendering and such. As we know from Apple world, strange things may happen here. > Is there any sanitizing happening if allow_utf8_titles is activated ? Yes, we do verify if the title is correct UTF-8 sequence. Also, ASCII control characters are still disallowed. But nothing more. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYl+SjAAoJENuP0xzK19csLYoH/0GzsPVYtmcXl8HpuHxR6iNV 2zeidlvHtGjkImiZgVxaHhh+cOpfP3iePVVvNWi/KCpP4UzwNEhN0u73hPsBErqH VZMrfB8bW3nrl1Nitib7qRlV9dYFWoZyIqbuuxgBW3fdq8Sd/lxuchqpi6d7FPc/ 60OW1lx5+K9hWXnqayfyL8YlOblPSBP8XFfrnAWkcZH/pxy4/fyx3fxA5GqfosIm +mqccJ6kveof65tuvWtfXRhpTyAMjetFmNrGFv5yVGXHC1uytxan12u1SSn4gIZD 7pefRvsyscVtWRUXvl0UoUwm8w4wk4yK7BK2DXdE4JQPSnzljA8bJJQkE4TTvbo= =+3gW -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170206025115.GF1285%40mail-itl. For more options, visit https://groups.google.com/d/optout.
