tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: print encoded string on stdout

On Mon, 12 Jan 2009, der Mouse wrote:

> > I am given a data buffer (const, not nul terminated) claiming to
> > contain an encoded text string and I know the language & encoding
> > (likely "en" & "UTF-8" but no guarantee) and I want to safely display
> > this string on stdout.
> "Safely" - my first question is, safe against what?  What kinds of
> threats are you trying to defeat here?  Until you (we) know that, you
> (we) can't really thwart them very well.

The string is a byte array and comes from a remote bluetooth device. I
don't know what it contains and I want to minimise the risk that it messes
up the users display and/or obscures other information that I'm showing.
I have no reason to believe that it would be malicious, but the difference
between 'malicious' and 'mistaken' is not always apparent..

> Second question is, how much do you care about the user seeing glyphs
> similar to those for the characters in the string?  I'm thinking about
> cases like the buffer containing, say, U+1698, or U+10EC, when the
> user's using an ISO-8859-1 (or, worse, ASCII) display device; how much
> do you care what happens in a case like that?  (Even assuming you can
> _tell_ what the user's using.)

These strings are informational really (Service Name, Service Description,
etc). If the string itself can't be displayed then "probably" there would
be another string that would say the same thing in a way that could be. I
am happy to make some effort to display it but going the extra mile is not
really necessary.


(I am extending spdquery(1) to display significantly more information)

Home | Main Index | Thread Index | Old Index