Dear notmuch developers,
today I got a spam mail which's Subject: and From: header were
displayed as bold (with the exception of German umlauts) in
notmuch-emacs in a graphical frame (X11), they were displayed as
a string of hollow rectangles in a frame on a urxvt terminal (see
attached screen shots). I see there are bold and italic
mathematical bold letters in Unicode. The bold ones are used
here.
This are the headers in question:
Subject:=?UTF-8?B?IPCdl5jwnZe78J2YgfCdl7nwnZeu8J2YgPCdmIHwnZiC8J2Xu/Cdl7Qg8J2Xs8O88J2XvyDwnZeU8J2Xu/Cdl7TwnZey8J2XtcO28J2Xv/Cdl7bwnZe08J2XsiDwnZe28J2XuiDwnZen8J2Xv/Cdl67wnZiC8J2XsvCdl7/wnZez8J2XrvCdl7nwnZe5IA==?=
From:=?UTF-8?B?IPCdl6bwnZiB8J2XsvCdl7/wnZev8J2Xsi3wnZep8J2XvPCdl7/wnZiA8J2XvPCdl7/wnZe08J2XsiA=?=<2m...@0ytix511n5cb63oezbgj69wpm.com>
Is this a bug? Should untrusted senders be allowed to influence
how headers are displayed? I don't think so. For me this case
should be handled as a homograph attack
(https://en.wikipedia.org/wiki/IDN_homograph_attack).
I do know there is character folding for searches but emacs would
need to use the reverse for displaying characters and only
characters which deviate in a way that is recognized as a font
attribute.
Thanks for your attention, Gregor
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch