1 files changed, 87 insertions, 0 deletions
diff --git a/doc/lispref/text.texi b/doc/lispref/text.texi
index b9df66dbdb4..37cf376bd53 100644
--- a/doc/lispref/text.texi
+++ b/doc/lispref/text.texi
@@ -59,6 +59,7 @@ the character after point.
 * Decompression::    Dealing with compressed data.
 * Base 64::          Conversion to or from base 64 encoding.
 * Checksum/Hash::    Computing cryptographic hashes.
+* Suspicious Text::  Determining whether a string is suspicious.
 * GnuTLS Cryptography:: Cryptographic algorithms imported from GnuTLS.
 * Database::         Interacting with an SQL database.
 * Parsing HTML/XML:: Parsing HTML and XML.
@@ -4943,6 +4944,92 @@ It should be somewhat more efficient on larger buffers than
 @c according to what we find useful.
 @end defun
+@node Suspicious Text
+@section Suspicious Text
+@cindex suspicious text
+@cindex insecure text
+@cindex security vulnerabilities in text
+  Emacs can display text from many external sources, like email and Web
+sites.  Attackers may attempt to confuse the user reading this text by
+using obfuscated @acronym{URL}s or email addresses, and tricking the
+user into visiting a web page they didn't intend to visit, or sending
+an email to the wrong address.
+This usually involves using characters from scripts that visually look
+like @acronym{ASCII} characters (i.e., are homoglyphs), but there are
+also other techniques used, like using bidirectional overrides, or
+having an @acronym{HTML} link text that says one thing, while the
+underlying @acronym{URL} points somewhere else.
+@cindex suspicious text strings
+To help identify these @dfn{suspicious text strings}, Emacs provides a
+library to do a number of checks on text.  (See
+@url{https://www.unicode.org/reports/tr39/, UTS #39: Unicode Security
+Mechanisms} for the rationale behind the checks that are available and
+more details about them.)  Packages that present data that might be
+suspicious should use this library to flag suspicious text on display.
+@vindex textsec-check
+@defun textsec-suspicious-p object type
+This function is the high-level interface function that packages
+should use.  It respects the @code{textsec-check} user option, which
+allows the user to disable the checks.
+This function checks @var{object} (whose data type depends on
+@var{type}) to see if it looks suspicious when interpreted as a thing
+of @var{type}.  The available types and the corresponding @var{object}
+data types are:
+@table @code
+@item domain
+Check whether a domain (e.g., @samp{www.gnu.org} looks suspicious.
+@var{object} should be a string, the domain name.
+@item url
+Check whether an @acronym{URL} (e.g., @samp{http://gnu.org/foo/bar})
+looks suspicious.  @var{object} should be a string, the @acronym{URL}
+to check.
+@item link
+Check whether an @acronym{HTML} link (e.g., @samp{<a
+href='http://gnu.org'>fsf.org</a>} looks suspicious.  In this case,
+@var{object} should be a @code{cons} cell where the @code{car} is the
+@acronym{URL} string, and the @code{cdr} is the link text.  The link
+is deemed suspicious if the link text contains a domain name, and that
+domain name points to something other than the @acronym{URL}.
+@item email-address
+Check whether an email address (e.g., @samp{foo@@example.org}) looks
+suspicious.  @var{object} should be a string.
+@item local-address
+Check whether the local part of an email address (the bit before the
+@samp{@@} sign) looks suspicious.  @var{object} should be a string.
+@item name
+Check whether a name (used in an email address header) looks
+suspicious.  @var{object} should be a string.
+@item email-address-header
+Check whether a full RFC2822 email address header (e.g.,
+@samp{=?utf-8?Q?=C3=81?= <foo@@example.com>}) looks suspicious.
+@var{object} should be a string.
+@end table
+If @var{object} is suspicious, this function returns a string that
+explains why it is suspicious.  If @var{object} is not suspicious, the
+function returns @code{nil}.
+@end defun
+@vindex textsec-suspicious@r{ (face)}
+If the text is suspicious, the application should mark the suspicious
+text with the @code{textsec-suspicious} face, and make the explanation
+returned by @code{textsec-suspicious-p} available to the user in some way
+(for example, in a tooltip).  The application might also prompt the
+user for confirmation before taking any action on a suspicious string
+(like sending an email to a suspicious email address).
 @node GnuTLS Cryptography
 @section GnuTLS Cryptography
 @cindex MD5 checksum

diff --git a/doc/lispref/text.texi b/doc/lispref/text.texi index b9df66dbdb4..37cf376bd53 100644 --- a/doc/lispref/text.texi +++ b/doc/lispref/text.texi
@@ -59,6 +59,7 @@ the character after point.
59	* Decompression:: Dealing with compressed data.	59	* Decompression:: Dealing with compressed data.
60	* Base 64:: Conversion to or from base 64 encoding.	60	* Base 64:: Conversion to or from base 64 encoding.
61	* Checksum/Hash:: Computing cryptographic hashes.	61	* Checksum/Hash:: Computing cryptographic hashes.
		62	* Suspicious Text:: Determining whether a string is suspicious.
62	* GnuTLS Cryptography:: Cryptographic algorithms imported from GnuTLS.	63	* GnuTLS Cryptography:: Cryptographic algorithms imported from GnuTLS.
63	* Database:: Interacting with an SQL database.	64	* Database:: Interacting with an SQL database.
64	* Parsing HTML/XML:: Parsing HTML and XML.	65	* Parsing HTML/XML:: Parsing HTML and XML.
@@ -4943,6 +4944,92 @@ It should be somewhat more efficient on larger buffers than
4943	@c according to what we find useful.	4944	@c according to what we find useful.
4944	@end defun	4945	@end defun
4945		4946
		4947	@node Suspicious Text
		4948	@section Suspicious Text
		4949	@cindex suspicious text
		4950	@cindex insecure text
		4951	@cindex security vulnerabilities in text
		4952
		4953	Emacs can display text from many external sources, like email and Web
		4954	sites. Attackers may attempt to confuse the user reading this text by
		4955	using obfuscated @acronym{URL}s or email addresses, and tricking the
		4956	user into visiting a web page they didn't intend to visit, or sending
		4957	an email to the wrong address.
		4958
		4959	This usually involves using characters from scripts that visually look
		4960	like @acronym{ASCII} characters (i.e., are homoglyphs), but there are
		4961	also other techniques used, like using bidirectional overrides, or
		4962	having an @acronym{HTML} link text that says one thing, while the
		4963	underlying @acronym{URL} points somewhere else.
		4964
		4965	@cindex suspicious text strings
		4966	To help identify these @dfn{suspicious text strings}, Emacs provides a
		4967	library to do a number of checks on text. (See
		4968	@url{https://www.unicode.org/reports/tr39/, UTS #39: Unicode Security
		4969	Mechanisms} for the rationale behind the checks that are available and
		4970	more details about them.) Packages that present data that might be
		4971	suspicious should use this library to flag suspicious text on display.
		4972
		4973	@vindex textsec-check
		4974	@defun textsec-suspicious-p object type
		4975	This function is the high-level interface function that packages
		4976	should use. It respects the @code{textsec-check} user option, which
		4977	allows the user to disable the checks.
		4978
		4979	This function checks @var{object} (whose data type depends on
		4980	@var{type}) to see if it looks suspicious when interpreted as a thing
		4981	of @var{type}. The available types and the corresponding @var{object}
		4982	data types are:
		4983
		4984	@table @code
		4985	@item domain
		4986	Check whether a domain (e.g., @samp{www.gnu.org} looks suspicious.
		4987	@var{object} should be a string, the domain name.
		4988
		4989	@item url
		4990	Check whether an @acronym{URL} (e.g., @samp{http://gnu.org/foo/bar})
		4991	looks suspicious. @var{object} should be a string, the @acronym{URL}
		4992	to check.
		4993
		4994	@item link
		4995	Check whether an @acronym{HTML} link (e.g., @samp{<a
		4996	href='http://gnu.org'>fsf.org</a>} looks suspicious. In this case,
		4997	@var{object} should be a @code{cons} cell where the @code{car} is the
		4998	@acronym{URL} string, and the @code{cdr} is the link text. The link
		4999	is deemed suspicious if the link text contains a domain name, and that
		5000	domain name points to something other than the @acronym{URL}.
		5001
		5002	@item email-address
		5003	Check whether an email address (e.g., @samp{foo@@example.org}) looks
		5004	suspicious. @var{object} should be a string.
		5005
		5006	@item local-address
		5007	Check whether the local part of an email address (the bit before the
		5008	@samp{@@} sign) looks suspicious. @var{object} should be a string.
		5009
		5010	@item name
		5011	Check whether a name (used in an email address header) looks
		5012	suspicious. @var{object} should be a string.
		5013
		5014	@item email-address-header
		5015	Check whether a full RFC2822 email address header (e.g.,
		5016	@samp{=?utf-8?Q?=C3=81?= <foo@@example.com>}) looks suspicious.
		5017	@var{object} should be a string.
		5018	@end table
		5019
		5020	If @var{object} is suspicious, this function returns a string that
		5021	explains why it is suspicious. If @var{object} is not suspicious, the
		5022	function returns @code{nil}.
		5023	@end defun
		5024
		5025	@vindex textsec-suspicious@r{ (face)}
		5026	If the text is suspicious, the application should mark the suspicious
		5027	text with the @code{textsec-suspicious} face, and make the explanation
		5028	returned by @code{textsec-suspicious-p} available to the user in some way
		5029	(for example, in a tooltip). The application might also prompt the
		5030	user for confirmation before taking any action on a suspicious string
		5031	(like sending an email to a suspicious email address).
		5032
4946	@node GnuTLS Cryptography	5033	@node GnuTLS Cryptography
4947	@section GnuTLS Cryptography	5034	@section GnuTLS Cryptography
4948	@cindex MD5 checksum	5035	@cindex MD5 checksum