Re: [PATCH] make org-notify support for macOS desktop notification

[Maxim Nikulin]

On 04/07/2021 07:23, stardiviner wrote:
> I found `org-notify` does not support macOS desktop notification. So I write a 
> small patch for this.

I am surprised that there is no OS-agnostic function in Emacs that sends 
simple notification, suitable when no advanced feature are necessary. 
Only OS-dependent variants are implemented for Linux and Windows.

> +                        (format "'display notification \"%s\" with title \"title\"'" 
> notification "Org mode message")))

Unsafe substitution of the argument. There is no guarantee that 
notification has no quote characters. I do not know, which link you 
would prefer:
- old https://xkcd.com/327/ "Robert'); DROP TABLE"
- recent 
https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/ 
Wipe data from NAS (accordingly to some sources, device can be protected 
by firewall, it is enough to open in a browser a page with a malicious 
<img src="..."> element, e.g. in a comment of an earlier visitor)

The preferred way is to pass such parameters as separate arguments of 
`start-process'. I am not familiar with osascript, I hope, it does not 
additionally interpret strings passed to "display notification" to do 
something fancy things. Example with sh:

Current unsafe variant:

>    sh -c "`printf 'echo "%s: %s - %s"' 'some-command' '"; echo another action ; echo 
> "' 'second arg'
With parameters passed as separate arguments to avoid interpretation of 
special characters:

>    sh -c 'echo "$0: $1 - $2"' 'some-command' '"; echo another action ; echo "' 
> 'second arg'