On 26.08.21 06:52, David G. Johnston wrote:
> On Wednesday, August 25, 2021, Christophe Pettus <xof@thebuild.com
> <mailto:xof@thebuild.com>> wrote:
>
> lower() and unaccent() (and most string functions) are not marked as
> leakproof. Is this due to possible locale / character encoding
> errors they might encounter?
>
>
> I think you are partially correct. Its due to the fact that error
> messages, regardless of the root cause, result in the printing of the
> input value in the error message as context, thus exists a leak via a
> violation of “ It reveals no information about its arguments other than
> by its return value. ”
I think if you trace the code, you might find that lower() and upper()
can't really leak anything. It might be worth taking a careful look and
possibly lifting this restriction.