From: Jani Nikula
To: Austin Clements, notmuch@notmuchmail.org
Subject: Re: [PATCH WIP] emacs: Sanitize authors and subjects in search and show
In-Reply-To: <1381499619-14219-1-git-send-email-amdragon@mit.edu>
References: <1381499619-14219-1-git-send-email-amdragon@mit.edu>
User-Agent: Notmuch/0.16+96~g459c586 (http://notmuchmail.org) Emacs/24.3.1 (x86_64-pc-linux-gnu)
Date: Fri, 11 Oct 2013 18:20:51 +0300
Message-ID: <87d2nbzve4.fsf@nikula.org>

On Fri, 11 Oct 2013, Austin Clements wrote:
> Authors and subjects can contain embedded, encoded control characters
> like "\n" and "\t" that mess up display. Transform control characters
> into spaces everywhere we display them in search and show.
> ---
>
> This could obviously use some tests, but I thought I'd get it out
> there to see what people thought or if the behavior should be tweaked.

I like it. Seems to work as advertised with some crappy Subject: lines
in my mail.

BR,
Jani.

>
> Of course, I can't guarantee that this is all of the places we display
> untrusted header text. I'm really not sure how to make that guarantee
> (suggestions welcome).
>
> emacs/notmuch-lib.el  | 6 ++++++
> emacs/notmuch-show.el | 7 ++++---
> emacs/notmuch.el      | 6 ++++--
> 3 files changed, 14 insertions(+), 5 deletions(-)
>
> diff --git a/emacs/notmuch-lib.el b/emacs/notmuch-lib.el
> index 58f3313..6541282 100644
> --- a/emacs/notmuch-lib.el
> +++ b/emacs/notmuch-lib.el
> @@ -243,6 +243,12 @@ depending on the value of `notmuch-poll-script'." > "[No Subject]" > subject))) > > +(defun notmuch-sanitize (str) > + "Sanitize control character in STR. > + > +This includes newlines, tabs, and other funny characters." > + (replace-regexp-in-string "[[:cntrl:]\x7f\u2028\u2029]+" " " str)) > + > (defun notmuch-escape-boolean-term (term) > "Escape a boolean term for use in a query. > > diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el > index 7325792..fa11d98 100644 > --- a/emacs/notmuch-show.el > +++ b/emacs/notmuch-show.el > @@ -407,7 +407,8 @@ unchanged ADDRESS if parsing fails." > message at DEPTH in the current thread." > (let ((start (point))) > (insert (notmuch-show-spaces-n (* notmuch-show-indent-messages-width depth)) > - (notmuch-show-clean-address (plist-get headers :From)) > + (notmuch-sanitize > + (notmuch-show-clean-address (plist-get headers :From))) > " (" > date > ") (" > @@ -417,7 +418,7 @@ message at DEPTH in the current thread." > > (defun notmuch-show-insert-header (header header-value) > "Insert a single header." > - (insert header ": " header-value "\n")) > + (insert header ": " (notmuch-sanitize header-value) "\n")) > > (defun notmuch-show-insert-headers (headers) > "Insert the headers of the current message." > @@ -1154,7 +1155,7 @@ function is used." > (jit-lock-register #'notmuch-show-buttonise-links) > > ;; Set the header line to the subject of the first message. > - (setq header-line-format (notmuch-show-strip-re (notmuch-show-get-subject))) > + (setq header-line-format (notmuch-sanitize (notmuch-show-strip-re (notmuch-show-get-subject)))) > > (run-hooks 'notmuch-show-hook)))) > > diff --git a/emacs/notmuch.el b/emacs/notmuch.el > index c47c6b5..44cd2fd 100644 > --- a/emacs/notmuch.el > +++ b/emacs/notmuch.el 
> @@ -791,11 +791,13 @@ non-authors is found, assume that all of the authors match." > (plist-get result :total))) > 'face 'notmuch-search-count))) > ((string-equal field "subject") > - (insert (propertize (format format-string (plist-get result :subject)) > + (insert (propertize (format format-string > + (notmuch-sanitize (plist-get result :subject))) > 'face 'notmuch-search-subject))) > > ((string-equal field "authors") > - (notmuch-search-insert-authors format-string (plist-get result :authors))) > + (notmuch-search-insert-authors > + format-string (notmuch-sanitize (plist-get result :authors)))) > > ((string-equal field "tags") > (let ((tags (plist-get result :tags))) > -- > 1.8.4.rc3
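Review bot: in the notmuch-lib.el hunk the docstring of the new `notmuch-sanitize` reads "Sanitize control character in STR" and should be plural ("control characters"); more substantively, the class `[[:cntrl:]\x7f\u2028\u2029]` covers ASCII controls, DEL and the two Unicode line/paragraph separators, but since Emacs defines `[:cntrl:]` as codes 0-31 only, C1 controls (U+0080 to U+009F) and other Unicode format characters such as bidirectional overrides pass through unchanged, so either state that scope in the docstring or widen the class if those are meant to be covered too. Note also that `replace-regexp-in-string` signals an error on a nil argument; the call sites in this series hand it the same header strings the previous code already consumed, so nothing new breaks, but an `(or str "")` guard would make the helper safe to reuse elsewhere.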
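Review bot: the `header-line-format` hunk in notmuch-show.el strips control characters but leaves a second way the subject is interpreted rather than displayed: a string assigned to `header-line-format` is a mode-line construct, so `%` sequences in it (for example `%b`) are expanded by Emacs. If the subject is meant to appear verbatim, replace `%` with `%%` before the `setq` (sanitizing first, then escaping). The resulting line is also well over 80 columns; breaking it after `header-line-format` would match the rest of the file.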
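Review bot: in the notmuch.el hunk, sanitizing the whole `:authors` string before handing it to `notmuch-search-insert-authors` is the right order, since that function truncates and splits the author list (the hunk context mentions the non-authors split) and should see the display form rather than the raw header; a one-line comment saying so would help future readers. The cover note says tests are still missing: a test/emacs case built from a constructed message whose Subject: and From: carry an encoded tab or newline, asserting on the rendered search and show buffers, would pin both this hunk and the notmuch-show.el ones.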
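The cover note above says the helper could use tests. The following ERT file is an added example, not part of the patch or the notmuch tree: it exercises `notmuch-sanitize` on constructed subject strings covering the cases the commit message names (newline, tab), the DEL and U+2028/U+2029 characters the regexp lists, ordinary non-ASCII text that must survive, and one test that pins the gap that Emacs's `[:cntrl:]` class is defined as codes 0-31, so a C1 control such as U+0085 passes through. The `defun` is copied from the notmuch-lib.el hunk so the file runs stand-alone; the file name is an assumption.

```elisp
;; notmuch-sanitize-test.el -- added example, not from the patch or notmuch.
;; Run stand-alone with:
;;   emacs -Q --batch -l notmuch-sanitize-test.el -f ert-run-tests-batch-and-exit
(require 'ert)

;; Copied from the patch under review so this file runs on its own; in the
;; tree the function lives in emacs/notmuch-lib.el.
(defun notmuch-sanitize (str)
  "Sanitize control characters in STR by collapsing runs into one space."
  (replace-regexp-in-string "[[:cntrl:]\x7f\u2028\u2029]+" " " str))

(ert-deftest notmuch-sanitize-collapses-newline-and-tab ()
  "An embedded newline plus tab (the commit message's example) becomes one space."
  (should (equal (notmuch-sanitize "Re: hello\n\tworld")
                 "Re: hello world")))

(ert-deftest notmuch-sanitize-handles-crlf-and-del ()
  "CRLF pairs and DEL (octal 177 in the literal) are control characters too."
  (should (equal (notmuch-sanitize "a\r\nb\177c") "a b c")))

(ert-deftest notmuch-sanitize-unicode-line-separators ()
  "U+2028 / U+2029 are line and paragraph separators that would break layout."
  (should (equal (notmuch-sanitize "one\u2028two\u2029three")
                 "one two three")))

(ert-deftest notmuch-sanitize-preserves-ordinary-text ()
  "Printable text, including non-ASCII letters and punctuation, is untouched."
  (let ((subject "Re: [PATCH] emacs: Sanitize authors, Åbo edition"))
    (should (equal (notmuch-sanitize subject) subject))))

(ert-deftest notmuch-sanitize-c1-controls-not-covered ()
  "Pins a known gap: Emacs's [:cntrl:] matches codes 0-31 only, so a C1
control such as U+0085 (NEL) is passed through rather than replaced."
  (should (equal (notmuch-sanitize "a\u0085b") "a\u0085b")))
```

The last test is deliberately green on the current regexp; if the class is later widened to cover C1 controls, flip its expectation to `"a b"` so the test documents the new contract instead of the old one.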