Re: [bug?][notmuch-emacs] X11: renders Headers with face attributes

2019-03-25 Thread David Bremner 
Gregor Zattler  writes:

>
> Is this a bug?  Should untrusted senders be allowed to influence
> how headers are displayed?  I don't think so.  For me this case
> should be handled as a homograph attack
> (https://en.wikipedia.org/wiki/IDN_homograph_attack).

I'm not sure about the threat to the user here, but I agree that it
might make sense to normalize the subject at indexing time. 

>
> I do know there is character folding for searches but emacs would
> need to use the reverse for displaying characters and only
> characters which deviate in a way that is recognized as a font
> attribute.

I'm guessing this would be better handled at the notmuch CLI / library
level, where we have access to utf8 conversion facilities e.g. from
glib. It turns out that these kind of problems (related to locales) are
harder than one might expect.
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

[bug?][notmuch-emacs] X11: renders Headers with face attributes

2019-03-21 Thread Gregor Zattler 
Dear notmuch developers,

today I got a spam mail which's Subject: and From: header were
displayed as bold (with the exception of German umlauts) in
notmuch-emacs in a graphical frame (X11), they were displayed as
a string of hollow rectangles in a frame on a urxvt terminal (see
attached screen shots).  I see there are bold and italic
mathematical bold letters in Unicode.  The bold ones are used
here.

This are the headers in question:

Subject:=?UTF-8?B?IPCdl5jwnZe78J2YgfCdl7nwnZeu8J2YgPCdmIHwnZiC8J2Xu/Cdl7Qg8J2Xs8O88J2XvyDwnZeU8J2Xu/Cdl7TwnZey8J2XtcO28J2Xv/Cdl7bwnZe08J2XsiDwnZe28J2XuiDwnZen8J2Xv/Cdl67wnZiC8J2XsvCdl7/wnZez8J2XrvCdl7nwnZe5IA==?=
From:=?UTF-8?B?IPCdl6bwnZiB8J2XsvCdl7/wnZev8J2Xsi3wnZep8J2XvPCdl7/wnZiA8J2XvPCdl7/wnZe08J2XsiA=?=<2m...@0ytix511n5cb63oezbgj69wpm.com>

Is this a bug?  Should untrusted senders be allowed to influence
how headers are displayed?  I don't think so.  For me this case
should be handled as a homograph attack
(https://en.wikipedia.org/wiki/IDN_homograph_attack).

I do know there is character folding for searches but emacs would
need to use the reverse for displaying characters and only
characters which deviate in a way that is recognized as a font
attribute.

Thanks for your attention, Gregor
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch