On Tue, Jan 17, 2023 at 3:02 PM Doug Robinson <doug.robin...@wandisco.com> wrote:
> Daniel, et. al.: > > On Mon, Jan 2, 2023 at 5:14 PM Daniel Sahlberg < > daniel.l.sahlb...@gmail.com> wrote: > >> In a thread started by Vincent Lefevre in October [1] it was noted that >> Subversion prints several pieces of information from the repository to the >> terminal (including log messages and author names) without considering if >> they may affect terminal behaviour. >> >> As demonstrated by DanielSh [2] a user may inject escape sequences into a >> log message and when running svn log, these affect terminal color. Git >> behaves the same way, as demonstrated by me [3]. >> > > Any idea what Git is going to do with this? > Unless someone reports (reported?) it to the Git devs, it's possible they aren't aware of it. If we want to do something about it on our end, it might make sense to coordinate with the Git devs so that both systems could have similar behavior. But... I'm not sure whether we want to do anything yet, partly because... Can we reach consensus if this behaviour is intended, unintended but >> desirable or unintended and undesirable? I would value the opinions of the >> oldtimers who might have background information if this was ever discussed >> or considered in the early days. >> >> In the original thread there were several arguments both pro and con >> regarding filtering/quoting escape sequences. >> > > From my perspective trying to do anything about this is opening up a huge > investigation that may result in incompatible-with-history choices. > > 1. What about "svn diff" ? (any modifications here could break "patch", > et. al.) > 2. What about "svn cat" ? > 3. What about properties? (I just verified you can place escape sequences > in them). > ... > > (I doubt my list above is complete.) > ...of concerns that doing so will break stuff. I have other concerns as well, such as: will we end up forever discovering and having to add new cases of escape sequences? I meant to research the above question but haven't gotten to it because of other work. As part of that, I meant to look into what (if anything) standards like POSIX have to say about whether and what programs should filter/escape in their output, and how some of the standard Unix utilities behave -- I can check this on Linux and Mac; the latter uses BSD utilities, which have slightly different behavior to the GNU utilities. It should be quite informative to try both. A "complete" implementation of a "feature" to mask/protect-against escape > sequences is also going to need an option to enable the raw output > (including the escape sequences) for every command/context where they could > be coming out today. The reason is that somebody out there has possibly > used that "feature" as a "capability" to automate something. Preventing > the output now would completely break whatever automation they cooked up. > And it is unlikely that anyone inheriting that automation will understand > it enough AND be reading this thread to object. > > Changing the default behavior is also something that could be argued to be > breaking change requiring a "major number" to get bumped (e.g. a new > release - not a patch)... > > Just some thoughts. > These are all good thoughts. Thanks for sharing. Cheers, Nathan
