[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Change of Lisp syntax for "fancy" quotes in Emacs 27?

From: Drew Adams
Subject: RE: Change of Lisp syntax for "fancy" quotes in Emacs 27?
Date: Fri, 2 Feb 2018 16:39:43 -0800 (PST)

> > The distinction I think needs to be made is between:
> >
> > 1. Trying to_warn users_  (all users, less-expert or not)
> >     about possible misuse of particularly confusable chars.
> >     This just warns about possible pilot error.
> >
> > 2._Changing Lisp_  reading and evaluating, to treat some
> >     (all?) confusable characters specially, changing their
> >     syntax and requiring them to be escaped in order to be
> >     treated normally (i.e., as they have been treated so far).
> >
> > I object to #2, NOT to #1.
> I don't see a clear distinction between #1 and #2.

That's too bad.  They are really quite different.

In the first case, you get a warning.  In the second case
your code breaks.

> For example, in an adversarial environment...

I don't think that's the reason for this change at all.
It was not mentioned in the bug thread, AFAIK.

The motivation was to prevent confusion on the part of
users, not to prevent or avoid malevolent behavior.
Please see the bug thread (#30217).

The idea was to improve convenience and reduce confusion
by someone who copy+pastes code from a web page (for
example), when (for example) that page renders a normal
quote as a curly quote.

You want to introduce a security aspect here.  I can't
speak much to that.  I'll simply ask whether other Lisps
(e.g. Common Lisp) worry about such a risk?  What does
Clojure do about confusables in Lisp symbols?  Does any
other Lisp change the Lisp syntax and behavior to require
special escaping of such chars in symbols (or elsewhere)?

Sure, even if no other Lisp worries about this or takes
the same approach as that proposed, that's not a proof
that Emacs Lisp shouldn't.  Still...

Given enough motivation, you can already, today, create
Lisp code (confusing, confusable, or otherwise) that is
evil, even without using any consusable Unicode chars.

When I was a kid we would play tricks on each other,
changing a character somewhere in a friend's large deck
of punched Hollerith cards - e.g., insert or remove a
decimal point.  You had to wait a full day to get back
the result of your program run, and the result would
only be a pretty cryptic error msg.  Argggh!

It was just good-natured fun - a game among friends.
And that was only with assembler and Fortran, and we
were just newbie kids.  Imagine what you can do today,
without bothering to rely on close Unicode confusables.

Sorry, but your "security" argument just doesn't pass
muster, for me.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]