Hi NRK, You're right, "sanitize/validate" was the wrong framing -apologies for that.
And the nsxiv -g example is a valid point. A user explicitly requesting a specific geometry should be respected. In my case the root cause is 1wm, which moves every window to 0,0 on ConfigureRequest with no EWMH awareness, leaving Firefox with corrupted session state. When switching to dwm that stale geometry gets inherited. So the bug is really in 1wm, not dwm. Thanks for the clarification ---- Ricardson (r1w1s1) On Sun, Feb 22, 2026, at 1:37 PM, NRK wrote: > Hi Ricardson, > >> This suggests dwm floating mode accepts incoming window geometry >> without validation, while tiling mode is more resilient because it >> ignores client-requested geometry entirely. It may be worth dwm >> clamping floating window geometry against monitor bounds on map, at >> least to prevent windows from covering the bar. > > If I run: > > nsxiv -g 1920x1080 ~/pictures > > On a standard 1080p resolution monitor with nsxiv set to floating in > config.h, then I expect the nsxiv window will take up the whole screen. > Why should the WM prevent me from doing that? > > Also, terms like "sanitize/validate" are used when input is coming from > a potentially malicious source. dwm doesn't deal with malicious sources > because if a malicious source can create windows in your xorg session > then you're compromised already. > > - NRK
