Re: Unicode confusables and reordering characters considered harmful

From: Gregory Heytings
Subject: Re: Unicode confusables and reordering characters considered harmful
Date: Wed, 03 Nov 2021 09:59:46 +0000

Given that the vulnerability is limited to source code, in which AFAIU there's no legitimate use of such characters, would the following not be enough?

I'm pretty sure there are legitimate uses of such characters in source code. Maybe there are significant parts of the world where this is extremely rare, but we shouldn't generalize too quickly.

There's some data that shows that this is extremely rare in general: the Rust Security Response WG analyzed the 70322 crates and found only 5 in which these codepoints were present (see [1]). That's ~0.01 %.

Moreover such highlighting does not make the source code or text unreadable, even in those few legitimate cases.

Therefore I suggest experimenting with the attached patch for a month or so, and seeing if there are objections. I used the {left,right,up,down}wards arrows, which are visible in both GUI and TUI interfaces.

[1] https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html

Attachment: Make-bidi-reordering-characters-visible.patch
Description: Text Data
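
Added example, not part of the original message and not the attached patch: a Python scanner that reports the nine bidirectional control characters covered by CVE-2021-42574, flags lines where one is opened and not closed, and renders each character as a visible arrow. The arrow assigned to each character, the name `scan`, the simplified same-line pairing rule and the sample text are assumptions made for this illustration.

```python
import unicodedata

# Arrow per character: an assumption for this example, not the patch's mapping.
ARROWS = {
    "\u202a": "→",  # LEFT-TO-RIGHT EMBEDDING
    "\u202b": "←",  # RIGHT-TO-LEFT EMBEDDING
    "\u202d": "→",  # LEFT-TO-RIGHT OVERRIDE
    "\u202e": "←",  # RIGHT-TO-LEFT OVERRIDE
    "\u2066": "→",  # LEFT-TO-RIGHT ISOLATE
    "\u2067": "←",  # RIGHT-TO-LEFT ISOLATE
    "\u2068": "↑",  # FIRST STRONG ISOLATE
    "\u202c": "↓",  # POP DIRECTIONAL FORMATTING
    "\u2069": "↓",  # POP DIRECTIONAL ISOLATE
}
# Each opener maps to the character that closes it.
CLOSER_FOR = {c: "\u202c" for c in "\u202a\u202b\u202d\u202e"}
CLOSER_FOR.update({c: "\u2069" for c in "\u2066\u2067\u2068"})
TABLE = str.maketrans(ARROWS)

def scan(text):
    """Return one finding per line that contains a bidi control character."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        hits, pending = [], []
        for col, ch in enumerate(line, start=1):
            if ch not in ARROWS:
                continue
            hits.append((col, f"U+{ord(ch):04X}", unicodedata.name(ch)))
            if ch in CLOSER_FOR:
                pending.append(CLOSER_FOR[ch])   # remember the expected closer
            elif pending and pending[-1] == ch:
                pending.pop()                    # closer matches innermost opener
        if hits:
            findings.append({"line": lineno, "hits": hits,
                             "unterminated": bool(pending),
                             "visible": line.translate(TABLE)})
    return findings

# Constructed sample: a balanced isolate on line 2, an unclosed override on line 3.
SAMPLE = ('def greet():\n'
          '    label = "\u2067abc\u2069"\n'
          '    # note \u202edraft\n'
          '    return label\n')

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["line"], f["unterminated"], f["visible"], f["hits"])
```

Lines with `unterminated` set are the ones to review first; balanced pairs are what legitimate right-to-left text in strings or comments usually looks like.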
