[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unicode confusables and reordering characters considered harmful

From: Daniel Brooks
Subject: Re: Unicode confusables and reordering characters considered harmful
Date: Tue, 02 Nov 2021 18:59:09 -0700
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Stefan Monnier <monnier@iro.umontreal.ca> writes:

>> Given that the vulnerability is limited to source code, in which AFAIU
>> there's no legitimate use of such characters, would the following not
>> be enough?
> I'm pretty sure there are legitimate uses of such characters in source code.
> Maybe there are significant parts of the world where this is extremely rare,
> but we shouldn't generalize too quickly.

Yea, strings and comments both need to be able to contain pretty much
arbitrary prose; they’ll need to allow these characters for the same
reasons you need them in prose.

One recommendation the paper made was that languages should allow them,
but give a syntax error if they reorder the comment or string delimiters
relative to other text.

But I definitely agree that they should be marked very visibly when used
in source code; see my own suggestion for using whitespace-mode.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]