On Wed, Mar 6, 2019 at 4:49 PM Jeff King <peff@xxxxxxxx> wrote: > On Tue, Mar 05, 2019 at 07:08:33PM +0700, Nguyễn Thái Ngọc Duy wrote: > I had envisioned just sanitizing each character into an output buffer as > we did the checks. It does introduce some complexities, though, because > now the checking function is doing the replacement (so it has to know > the right sanitizing rule for each case). > > The patch below is a rough cut at that, just for discussion. You can > ignore the check-ref-format bits; they were just to make poking at it > easier, though perhaps we'd want something like that in the long run. This is more along the lines of what I had envisioned, as well, after looking over the implementation of check_refname_component(). It's a bit noisy and loud but easy to follow, and doesn't give rise to concerns about quadratic behavior, etc.
