Menu
▾
▴
Re: [dcplusplus-devel] new lines in hub titles
|
From: poy <po...@12...> - 2008-08-13 21:09:17
|
> I think it is OK if it is sent escaped (\n), otherwise it is a weird > INF followed with a garbage command (which would also be exploitable > by allowing injected commands). ADCH++ does correctly escape commands it sends; there is not the problem. but it shouldn't send any \n (new line) or \s (space), or any other char with a code point < 32 in the NI (hub name) field of its INF; and no \n (new line) or any other char with a code point < 32 in the DE (hub description) field of its INF. related quote from the spec: NI | string | Nickname (or hub name). The hub must ensure that this is unique in the hub up to case-sensitivity. Valid are all characters in the Unicode character set with code point above 32, although hubs may limit this further as they like with an appropriate error message. DE | string | Description. Valid are all characters in the Unicode character set with code point equal to or greater than 32. even if '\' and 's' are above 32, they are in another layer; the char they translate into (space - code point 32) isn't allowed in nicks (and by extension, in the hub name since it also uses NI). same for the hub description about new lines (code points 10 or 13) and these other chars with a code point < 32. poy |
