Hi, Daniel,

> In a thread started by Vincent Lefevre in October [1] it was noted that 
> Subversion prints several pieces of information from the repository to the 
> terminal (including log messages and author names) without considering if 
> they may affect terminal behavior.
> 
> As demonstrated by DanielSh [2] a user may inject escape sequences into a log 
> message and when running svn log, these affect terminal color. Git behaves 
> the same way, as demonstrated by me [3].
> 
> Can we reach consensus if this behavior is intended, unintended but desirable 
> or unintended and undesirable? I would value the opinions of the oldtimers 
> who might have background information if this was ever discussed or 
> considered in the early days.
> 
> In the original thread there were several arguments both pro and con 
> regarding filtering/quoting escape sequences.

Some escape sequences may be useful (e.g. changing color, or bold printing) to 
get formatted log messages. But others may be dangerous, ranging from making 
the display unreadable or manipulating the window title to command execution.

As I think SVN is not in the business of deep inspection of escape sequences to 
classify the security relevant ones, we could either use a small whitelist of 
possible sequences, or just filter out / mask any of them.

Permitting some escape sequences requires that we reset the state to a known 
good one after printing the log message / username etc.

Some tools like "less" sanitize and filter escape sequences in a quite 
sophisticated way - maybe that logic is available as a library we can use? If 
not, I'd either allow a small whitelist, or just generally mask ESC (and maybe 
some other control characters) on output.

Btw, to "officially" support "formatted log messages" as a feature, escape 
sequences are a rather inaccessible way - better alternatives would be things 
like some kind of wiki-style markup, a subset of html, rtf or similar.

Just my thoughts as a past (very) small scale contributor.

Regards,
Markus Schaber
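As an added example of the two options Markus describes (mask every ESC and control character, or pass through a small whitelist of colour/bold sequences and reset the terminal afterwards), here is a sanitizer in C. It is not Subversion's or git's code and is not taken from this thread; the function names, the caret notation used for masked bytes and the constructed sample messages are my own choices. The whitelist is deliberately narrow: only well-formed SGR sequences (ESC [ digits/semicolons m) pass, so title-setting OSC sequences, cursor movement, and unterminated sequences are all rendered visibly instead of being interpreted by the terminal.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Two policies: mask everything, or allow SGR (colour/bold) sequences only. */
enum san_mode { SAN_MASK_ALL, SAN_ALLOW_SGR };

/* Length of a well-formed SGR sequence "ESC [ <digits or ';'>* m" starting at
   s, or 0 if s does not start with one.  Anything else (OSC title changes,
   cursor movement, unterminated CSI) is not accepted. */
static size_t sgr_len(const char *s)
{
    size_t i;
    if (s[0] != 0x1b || s[1] != '[')
        return 0;
    for (i = 2; s[i] == ';' || (s[i] >= '0' && s[i] <= '9'); i++)
        ;
    return s[i] == 'm' ? i + 1 : 0;
}

/* Copy `in` to `out` (capacity outsz) so it is safe to print to a terminal.
   Control bytes other than '\n' and '\t' are shown in caret notation
   (ESC -> ^[, BEL -> ^G, DEL -> ^?).  Bytes >= 0x80 pass through, so UTF-8
   text is preserved.  In SAN_ALLOW_SGR mode, well-formed SGR sequences are
   copied verbatim and a reset (ESC[0m) is appended whenever any were emitted,
   so the terminal is back in a known-good state after the message.
   Returns the number of bytes written (excluding the NUL), or -1 if `out`
   is too small. */
int sanitize_for_terminal(const char *in, char *out, size_t outsz,
                          enum san_mode mode)
{
    size_t o = 0, i = 0;
    int emitted_sgr = 0;

    while (in[i] != '\0') {
        unsigned char c = (unsigned char)in[i];
        size_t n = 0;

        if (mode == SAN_ALLOW_SGR && (n = sgr_len(in + i)) > 0) {
            if (o + n >= outsz) return -1;
            memcpy(out + o, in + i, n);
            o += n; i += n; emitted_sgr = 1;
            continue;
        }
        if (c == '\n' || c == '\t' || (c >= 0x20 && c != 0x7f)) {
            if (o + 1 >= outsz) return -1;
            out[o++] = (char)c;
        } else {
            if (o + 2 >= outsz) return -1;
            out[o++] = '^';
            out[o++] = (char)(c == 0x7f ? '?' : c + 0x40);
        }
        i++;
    }
    if (emitted_sgr) {
        const char *reset = "\x1b[0m";
        size_t n = strlen(reset);
        if (o + n >= outsz) return -1;
        memcpy(out + o, reset, n);
        o += n;
    }
    out[o] = '\0';
    return (int)o;
}

/* Convenience check: does sanitizing `in` under `mode` yield `expected`? */
int sanitizes_to(const char *in, enum san_mode mode, const char *expected)
{
    char buf[256];
    if (sanitize_for_terminal(in, buf, sizeof buf, mode) < 0)
        return 0;
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample log messages, not real repository content. */
    const char *title_attack = "Fix bug\x1b]0;evil title\x07 done";
    const char *coloured     = "\x1b[31mred\x1b[0m text";
    char buf[256];

    sanitize_for_terminal(title_attack, buf, sizeof buf, SAN_MASK_ALL);
    printf("masked:  %s\n", buf);
    sanitize_for_terminal(coloured, buf, sizeof buf, SAN_ALLOW_SGR);
    printf("sgr ok:  %s\n", buf);
    sanitize_for_terminal(title_attack, buf, sizeof buf, SAN_ALLOW_SGR);
    printf("sgr mode still masks OSC: %s\n", buf);
    return 0;
}
```

In SAN_MASK_ALL mode the first sample prints as `Fix bug^[]0;evil title^G done`, which is what a user would want to see in `svn log` output; the same OSC sequence is masked in SAN_ALLOW_SGR mode too, because it is not an SGR sequence, while the red/reset colouring in the second sample is kept and followed by a trailing reset.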
