bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28350: enriched.el code execution

From: Paul Eggert
Subject: bug#28350: enriched.el code execution
Date: Sun, 10 Sep 2017 14:46:59 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 
Charles A. Roelli wrote:


Do we know that "x-color" and/or "x-bg-color" are vulnerable to a
similar misuse as "x-display"?  If not, I can still re-add them at a
later time.
Eli asked the same question privately. I don't know the code myself; perhaps Lars could say. 


+  (provide 'enriched)
+  (defun enriched-mode (&optional arg))
+  (defun enriched-decode (from to))


This fix is very safe, at the cost of disabling Enriched mode.  Could
we do any better?  I had suggested the following (in
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350#16):

   (eval-after-load "enriched"
     '(defun enriched-decode-display-prop (start end &optional param)
        (list start end)))

But it may not work in Emacs earlier than 23 (I can't test it).
It should work, since eval-after-load predates Emacs 19.29. Though it assumes that x-display is the only problem here.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]