interfect opened 3 years ago
Hi @interfect sorry for the late reply.
The current sanitizer is admittedly primitive, probably a holdover from very early work on the code.
Reviewing its usage, I think a lingering concern would still be some type of second-order attack - e.g., even without output encoding, some tool reading the text may process it as plaintext and that could cause some type of execution (i.e., harmless in the browser, but dangerous downstream). Even with encoding, we may actually want to be more aggressive and look at things like newline injection to trigger different matching downstream.
I am going to leave this ticket open for now and I am going to reinvestigate the threat model and usage in more detail in the future. For right now, for the majority of users this might be an inconvenience, but not a blocker. For more use cases, you will be selecting the text in the other program, so while this would change expectation it shouldn't impact usability for the majority of users (e.g., in KeePass, one selects the string they want to match manually).
The original page title is passed through the sanitizer before being used to compose the new title, which removes, among other things, the `'` character. So any page titled like "Ash's Profile" will become something like "Ashs Profile - facespace.biz/". Apostrophes in the original title should be retained.
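An added example, not the extension's own code, contrasting the primitive strip-everything sanitizer that loses the apostrophe with one that keeps apostrophes but removes control characters and newlines (the second-order concern raised in the reply), leaving HTML escaping to the point of output. The function names `primitiveSanitize`, `sanitizeTitle`, `escapeHtml` and `composeTitle` are assumptions.

```javascript
// Added example; not the project's code. All names are assumptions.

// The primitive approach: keep only word characters, spaces and hyphens.
// This is what turns "Ash's Profile" into "Ashs Profile".
function primitiveSanitize(title) {
  return String(title).replace(/[^\w\s-]/g, '');
}

// Hardened approach: keep printable text, apostrophes and punctuation
// included, but remove what changes meaning for a downstream consumer
// rather than for the browser:
//  - C0/C1 control characters, including \n, \r and \t (an injected
//    newline could make a line-oriented matcher see a second entry)
//  - Unicode line/paragraph separators U+2028 and U+2029
// Remaining whitespace is collapsed to single spaces.
function sanitizeTitle(title) {
  return String(title)
    .replace(/[\u0000-\u001f\u007f-\u009f\u2028\u2029]/g, ' ')
    .replace(/\s+/g, ' ')
    .trim();
}

// Output encoding belongs where the text is rendered, not in the
// sanitizer, so the stored title stays faithful to the page title.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Compose the new title the way the issue describes: "<title> - <host>".
function composeTitle(pageTitle, host) {
  return `${sanitizeTitle(pageTitle)} - ${host}`;
}
```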