|
From: | Paul Eggert |
Subject: | bug#28350: enriched.el code execution |
Date: | Sun, 10 Sep 2017 14:46:59 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
Charles A. Roelli wrote:
Do we know that "x-color" and/or "x-bg-color" are vulnerable to a similar misuse as "x-display"? If not, I can still re-add them at a later time.
Eli asked the same question privately. I don't know the code myself; perhaps Lars could say.
+ (provide 'enriched) + (defun enriched-mode (&optional arg)) + (defun enriched-decode (from to))This fix is very safe, at the cost of disabling Enriched mode. Could we do any better? I had suggested the following (in https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350#16): (eval-after-load "enriched" '(defun enriched-decode-display-prop (start end &optional param) (list start end))) But it may not work in Emacs earlier than 23 (I can't test it).
It should work, since eval-after-load predates Emacs 19.29. Though it assumes that x-display is the only problem here.
[Prev in Thread] | Current Thread | [Next in Thread] |