--- /dev/null
+Return-Path: <amdragon@mit.edu>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id 26323431FAF\r
+ for <notmuch@notmuchmail.org>; Fri, 11 Oct 2013 06:53:55 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.7\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5\r
+ tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id E7NuJZOKdixg for <notmuch@notmuchmail.org>;\r
+ Fri, 11 Oct 2013 06:53:48 -0700 (PDT)\r
+Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu\r
+ [18.9.25.14])\r
+ by olra.theworths.org (Postfix) with ESMTP id BFF62431FAE\r
+ for <notmuch@notmuchmail.org>; Fri, 11 Oct 2013 06:53:48 -0700 (PDT)\r
+X-AuditID: 1209190e-b7f828e0000009cf-44-525802ecb503\r
+Received: from mailhub-auth-4.mit.edu ( [18.7.62.39])\r
+ by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP\r
+ id A3.32.02511.CE208525; Fri, 11 Oct 2013 09:53:48 -0400 (EDT)\r
+Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])\r
+ by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id r9BDrjx0010092; \r
+ Fri, 11 Oct 2013 09:53:46 -0400\r
+Received: from drake.dyndns.org\r
+ (216-15-114-40.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com\r
+ [216.15.114.40]) (authenticated bits=0)\r
+ (User authenticated as amdragon@ATHENA.MIT.EDU)\r
+ by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id r9BDrhku029569\r
+ (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT);\r
+ Fri, 11 Oct 2013 09:53:44 -0400\r
+Received: from amthrax by drake.dyndns.org with local (Exim 4.77)\r
+ (envelope-from <amdragon@mit.edu>)\r
+ id 1VUd9y-0003jS-Ha; Fri, 11 Oct 2013 09:53:42 -0400\r
+From: Austin Clements <amdragon@MIT.EDU>\r
+To: notmuch@notmuchmail.org\r
+Subject: [PATCH WIP] emacs: Sanitize authors and subjects in search and show\r
+Date: Fri, 11 Oct 2013 09:53:39 -0400\r
+Message-Id: <1381499619-14219-1-git-send-email-amdragon@mit.edu>\r
+X-Mailer: git-send-email 1.8.4.rc3\r
+X-Brightmail-Tracker:\r
+ H4sIAAAAAAAAA+NgFlrMIsWRmVeSWpSXmKPExsUixG6nrvuGKSLIYGWPsEXTdGeL6zdnMjsw\r
+ edy6/5rd49mqW8wBTFFcNimpOZllqUX6dglcGX/+72EveCBVcaoro4HxlmgXIyeHhICJxMK/\r
+ r9khbDGJC/fWs3UxcnEICexjlOhoXgLlbGSUWDD1EjOEc4dJYtvpx4wQzlxGiRn3LoD1swlo\r
+ SGzbv5wRxBYRkJbYeXc2axcjBwezgLnEzZY4kLCwgI/ErW/XmEFsFgFViV9zvzOB2LwCDhKr\r
+ 7h9nhjhDSWLhqW2sExh5FzAyrGKUTcmt0s1NzMwpTk3WLU5OzMtLLdI11svNLNFLTSndxAgK\r
+ C05Jvh2MXw8qHWIU4GBU4uG1YAgPEmJNLCuuzD3EKMnBpCTKa/cHKMSXlJ9SmZFYnBFfVJqT\r
+ WnyIUYKDWUmEt+0vUI43JbGyKrUoHyYlzcGiJM57k8M+SEggPbEkNTs1tSC1CCYrw8GhJMHr\r
+ Dwx/IcGi1PTUirTMnBKENBMHJ8hwHqDhMSA1vMUFibnFmekQ+VOMilLivGUgCQGQREZpHlwv\r
+ LG5fMYoDvSLMmwxSxQOMebjuV0CDmYAGb/8eAjK4JBEhJdXAmGW4rXbCjp5W11g/nmLLe9O7\r
+ OGc6Oxxz37Z2bc+q/zLekicTWf7N3ZR/Ncb/zeOYjXtdZos+j9+k05O4V5r35fGCqPCMFJ9d\r
+ B4/m+x7b3Z6Vea2PwXXJ7cSFB3Rjd/9onMwYlvNQnzXg8AsHNyv3qKsC2f+ex4nZy3Wnzd+8\r
+ akrGEjPVsMYcJZbijERDLeai4kQA03XnbLYCAAA=\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Fri, 11 Oct 2013 13:53:55 -0000\r
+\r
+Authors and subjects can contain embedded, encoded control characters\r
+like "\n" and "\t" that mess up display. Transform control characters\r
+into spaces everywhere we display them in search and show.\r
+---\r
+\r
+This could obviously use some tests, but I thought I'd get it out\r
+there to see what people thought or if the behavior should be tweaked.\r
+\r
+Of course, I can't guarantee that this is all of the places we display\r
+untrusted header text. I'm really not sure how to make that guarantee\r
+(suggestions welcome).\r
+\r
+ emacs/notmuch-lib.el | 6 ++++++\r
+ emacs/notmuch-show.el | 7 ++++---\r
+ emacs/notmuch.el | 6 ++++--\r
+ 3 files changed, 14 insertions(+), 5 deletions(-)\r
+\r
+diff --git a/emacs/notmuch-lib.el b/emacs/notmuch-lib.el\r
+index 58f3313..6541282 100644\r
+--- a/emacs/notmuch-lib.el\r
++++ b/emacs/notmuch-lib.el\r
+@@ -243,6 +243,12 @@ depending on the value of `notmuch-poll-script'."\r
+ "[No Subject]"\r
+ subject)))\r
+ \r
++(defun notmuch-sanitize (str)\r
++ "Sanitize control character in STR.\r
++\r
++This includes newlines, tabs, and other funny characters."\r
++ (replace-regexp-in-string "[[:cntrl:]\x7f\u2028\u2029]+" " " str))\r
++\r
+ (defun notmuch-escape-boolean-term (term)\r
+ "Escape a boolean term for use in a query.\r
+ \r
+diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el\r
+index 7325792..fa11d98 100644\r
+--- a/emacs/notmuch-show.el\r
++++ b/emacs/notmuch-show.el\r
+@@ -407,7 +407,8 @@ unchanged ADDRESS if parsing fails."\r
+ message at DEPTH in the current thread."\r
+ (let ((start (point)))\r
+ (insert (notmuch-show-spaces-n (* notmuch-show-indent-messages-width depth))\r
+- (notmuch-show-clean-address (plist-get headers :From))\r
++ (notmuch-sanitize\r
++ (notmuch-show-clean-address (plist-get headers :From)))\r
+ " ("\r
+ date\r
+ ") ("\r
+@@ -417,7 +418,7 @@ message at DEPTH in the current thread."\r
+ \r
+ (defun notmuch-show-insert-header (header header-value)\r
+ "Insert a single header."\r
+- (insert header ": " header-value "\n"))\r
++ (insert header ": " (notmuch-sanitize header-value) "\n"))\r
+ \r
+ (defun notmuch-show-insert-headers (headers)\r
+ "Insert the headers of the current message."\r
+@@ -1154,7 +1155,7 @@ function is used."\r
+ (jit-lock-register #'notmuch-show-buttonise-links)\r
+ \r
+ ;; Set the header line to the subject of the first message.\r
+- (setq header-line-format (notmuch-show-strip-re (notmuch-show-get-subject)))\r
++ (setq header-line-format (notmuch-sanitize (notmuch-show-strip-re (notmuch-show-get-subject))))\r
+ \r
+ (run-hooks 'notmuch-show-hook))))\r
+ \r
+diff --git a/emacs/notmuch.el b/emacs/notmuch.el\r
+index c47c6b5..44cd2fd 100644\r
+--- a/emacs/notmuch.el\r
++++ b/emacs/notmuch.el\r
+@@ -791,11 +791,13 @@ non-authors is found, assume that all of the authors match."\r
+ (plist-get result :total)))\r
+ 'face 'notmuch-search-count)))\r
+ ((string-equal field "subject")\r
+- (insert (propertize (format format-string (plist-get result :subject))\r
++ (insert (propertize (format format-string\r
++ (notmuch-sanitize (plist-get result :subject)))\r
+ 'face 'notmuch-search-subject)))\r
+ \r
+ ((string-equal field "authors")\r
+- (notmuch-search-insert-authors format-string (plist-get result :authors)))\r
++ (notmuch-search-insert-authors\r
++ format-string (notmuch-sanitize (plist-get result :authors))))\r
+ \r
+ ((string-equal field "tags")\r
+ (let ((tags (plist-get result :tags)))\r
+-- \r
+1.8.4.rc3\r
+\r