Special characters in window titles do not render #1059
Comments
|
Take a look at guid configuration, especially allow_utf8_titles. Best Regards, |
|
@marmarek thanks for the suggestion. I edited those config items and restarted my VMs and then my whole machine, but the issue still persists. I think enabling utf8 tittles by default would be a significant user experience improvement. In general, asking a user to edit a config file in a CLI is something rather advanced subset of users. cc: @rootkovska |
marmarek
added
T: enhancement
|
The reason we filter out utf8 from titlebar is for extra security. Given that we currently (3.0) don't support international versions that well anyway, I suggest we leave the default off, and moving this ticker to 3.1 for further considerations. |
|
can someone add a "localization" tag to this issue? and any others that impact non-english-speaking users. at minimum this should be an option during first installation for the user to select, and let them know what they gain/lose. |
marmarek
added
the
localization
rootkovska
added
P: minor
|
We would like to have this as a default setting applied by Firstboot, allowing the (more advanced) user to untick it. |
|
could this in the meantime be a setting in the Qubes VM Manager? I don't know if that would make it faster to implement. |
rootkovska
added
the
help wanted
|
borgbase/vorta#144 looks like i just stumbled over this in qubes 4.0.1. |
|
Concrete suggestion: allow specifying Unicode codepoint ranges. |
|
Do you have any suggestions for specific sensible values to choose from? It would make sense to propose few examples for various regions. |
|
@marmarek The simplest (sounding) option is to just let the user decide (they can already kill off utf8 filtering entirely). Allowing non-combining characters (ISO-8859-1 already has precomposed characters) shall make sense as a default. The ideal way to derive a decision is perhaps to study the code paths of Unicode rendering libraries. If it turns out we don't have much time for this, we can just rip off some ranges from the Unicode database or something. |
|
Ah, I think I've misunderstood what you've said. I'll research into it when I have more free time. |
|
I know this is a pretty old issue but I stumbled over it after my first installation. The fix was applied quickly though. However, I just want to ask where's the problem with UTF8 titles? I heard security as the argument (which is totally fine for a security-oriented OS), but could someone point out how UTF8 titles decrease VM or system security? I found this pretty long report, but I don't see the point. In case it was somehow, even in theory, insecure to use UTF8 titles, all major desktop environments/window managers or X11/Wayland would have taken countermeasures, wouldn't they? And AFAICT the characters in the title are just shown and not interpreted or executed. |
|
@CrsiX It's because Unicode is quite complex: https://appleinsider.com/articles/18/05/09/black-dot-unicode-bug-crashes-ios-messages-app-using-invisible-characters Hence the proposal to allow only specific range of codepoints. |
|
@iamahuman Well, I heart about those issues and I see the point. However, I don't really expect crashes or even security holes from using UTF8 titles (while being possible of course). I mean, I've used them in my prior OSes all the time. So, for me, enabling it is totally fine. :D |
There was an exploitable vulnerability in fribidi that allowed displaying valid UTF-8 to cause code execution a while back. So there is precedent. |
andrewdavidwong
added
the
security
|
In R4.1: the setting can be changed in VM settings now. |
super! closing. |
I am noticing in both the main AppVM color coded border as well as in the panel bar of the desktop, that special characters like
ö í á ð Þ ýfrom Icelandic as well as more normal special chars likequote " charrender instead as underscores__see attached screenshotThe text was updated successfully, but these errors were encountered: