[darcs-users] Re: Can I disable \xx quoting in record --interactive?

Tommy Pettersson ptp at lysator.liu.se
Sun Mar 20 13:01:41 UTC 2005


On Sat, Mar 19, 2005 at 10:00:47PM -0800, Junio C Hamano wrote:
> What evil patches?  My question is about "darcs record" showing

The ones I'll send to you if you don't calm down.  ;-)

It is possible to insert escape codes in any terminal output
that will put shell commands in invisible places that execute
when you hit return, or even get expanded and executed directly
by the terminal or shell.  I'm not an expert on this, but I
do trust those who say it is a concern.

I understand it's frustrating.  For me it's only 4 % of a
normal text file that is non-ascii, and latin writing also
have much redundancy so I can guess what's been escaped.
And *still* it is very frustrating.  With EUC-JP I'd guess
you see almost nothing but hex, right?  This renders darcs
pretty much unusable for you.

The code for deciding what to escape is not so hard to understand.
Here is a patch for darcs that will turn off _all_ escaping.

{
hunk ./ColourPrinter.lhs 52
-no_escape c = (isAscii c || trustIsPrint) && (isPrint c || isSpace c)
+no_escape c = True || (isAscii c || trustIsPrint) && (isPrint c || isSpace c)
}

If you rebuild darcs with this change you should probably be
able to see EUC-JP chars.  But it will not protect you from
even rather harmless control chars like ^H and ^M.  If you pull
patches from a friend and one of them inserts the line

  printf("Hi Junio\n");^M/* just a harmless comment */

the darcs pull dialogue will show this line to you as

  +/* just a harmless comment */

Arrrrg!!  I just discovered an unpleasant bug in darcs.
isSpace '^M'  is True, so normal darcs actually DOESN'T
escape ^M-s, which means the above trick can be played with
current darcs.


-- 
Tommy Pettersson <ptp at lysator.liu.se>




More information about the darcs-users mailing list