From: Oliver Kiddle
To: Roman Neuhauser
cc: zsh-users@zsh.org
Subject: Re: questions re: NO_PROMPT_PERCENT
Date: Mon, 09 Aug 2021 22:46:15 +0200
Message-ID: <31323-1628541975.218161@pkyE.Ss-A.4HoV>

Roman Neuhauser wrote:
> so i tried turning PROMPT_PERCENT off, and ended up with broken
>
> * completion

For what it's worth, I neither see much breakage when turning
prompt_percent off nor do I find any uses of print -P when grepping in
the Completion directory of the zsh sources. If there are any,
${(%)...} should be used instead. Is your breakage perhaps just a
messed up terminal due to literal escape sequences in your prompt? All
the complist and zformat stuff looks fine to me.

> * is there a meaningful difference between
>     set +o promptsubst; PROMPT="... $var ..."
>   and
>     set -o promptsubst; PROMPT='... $var ...'?

It changes when $var is expanded. I'd only use the latter with $var
being set from hook functions.

> * is my understanding of PROMPT being susceptible to malicious
>   data substituted directly as above correct? what are effective
>   mitigations? does ${(V)} really have me covered under PROMPTSUBST?
>   what are the limits imposed by %{...%}? the manual says it "should
>   not change the cursor position", a quick test suggests it would be
>   better worded as "will not be allowed ..."? this deserves more
>   detail in the text.

You can specify a number with it where the content does advance the
cursor. promptsubst also allows command and math substitutions. For
security to be a concern, you still have to personally configure it to
fill the variables with untrusted data. Things like key rebinding
escape sequences are long gone so I'm not sure you really need to worry
but (V) is likely harmless anyway.

> * does the topic deserve better coverage in the manual?
>   i'm convinced it does.

It's hard to comment without more specifics of what you'd want
included.

> * would everyone (is there one?) using nopromptpercent raise their hand?
>   please describe your interactive use of zsh 5.x with nopromptpercent!

I was thinking the main use would be for sh emulation but apparently
that doesn't bother to unset it.

> * i keep praising zsh for its conservatism, but screw 1999, what is the
>   *goal* of the setting *today*? ie. is the impact NOPROMPTPERCENT has
>   on CORRECT expected? is it *desired*? why? what are the $REASONS
>   in "displaying the CORRECT prompt without substituting %R or %r is a
>   major goal of this option because $REASONS"? i mean, if CORRECT is
>   a security concern (how?) then there's NOCORRECT, no?

Yes, that doesn't seem especially useful but not entirely surprising
when thinking about implementation. Should we treat this as a bug?

> * why does it affect `print -P`?
> * why does it *not* affect the % parameter expansion flag?

print -P is older. I'd speculate that whoever implemented it considered
it useful to be able to print, e.g. $PS1 and have it appear as a prompt
would.

Oliver
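
An added example, not part of the original message: the two PROMPT forms asked about in the thread, plus a variable filled from a hook and passed through (V), rendered side by side so the expansion order is visible. The variable names, the `render` and `sanitise_for_prompt` helpers and the sample value are assumptions constructed for illustration; the sketch goes slightly beyond the thread by also doubling `%` characters.

```zsh
#!/usr/bin/env zsh
# Added illustration; every name below is hypothetical.

# Constructed untrusted value (think of a branch or directory name): a
# command substitution, a prompt escape and a raw ESC sequence.
untrusted=$'$(echo INJECTED) %F{red} \e[1m'

# Expand a string as a prompt under the current options. (%%) asks for full
# prompt expansion honouring PROMPT_SUBST and PROMPT_PERCENT; cat -v shows
# control bytes as ^[ instead of sending them to the terminal.
render() { print -r -- "${(%%)1}" | cat -v }

# 1. Value pasted in at assignment time, PROMPT_SUBST off: the $(...) stays
#    literal, but %F{red} and the ESC byte are still interpreted.
unsetopt promptsubst
PROMPT="branch: $untrusted > "
render "$PROMPT"

# 2. Same string with PROMPT_SUBST on: the pasted-in $(...) is now part of
#    the prompt text and runs every time the prompt is drawn.
setopt promptsubst
render "$PROMPT"

# 3. Single quotes with PROMPT_SUBST on: only ${untrusted} is expanded at
#    draw time and its result is not rescanned, so nothing runs. Percent
#    expansion still follows, so %F{red} and ESC pass through.
PROMPT='branch: ${untrusted} > '
render "$PROMPT"

# 4. Variable set from a hook function: (V) makes control characters
#    visible and doubling % keeps prompt escapes literal.
sanitise_for_prompt() {
  safe_branch=${${(V)untrusted}//\%/%%}
}
# In an interactive shell, register it instead of calling it by hand:
#   autoload -Uz add-zsh-hook; add-zsh-hook precmd sanitise_for_prompt
sanitise_for_prompt
PROMPT='branch: ${safe_branch} > '
render "$PROMPT"
```

Run it with `zsh -f` so that no startup files change the option defaults.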