Invisible characters must be specified to be visible in security-sensitive situations

Eli Zaretskii via Unicode unicode at unicode.org
Fri Feb 16 01:47:11 CST 2018


> Date: Thu, 15 Feb 2018 17:33:12 -0500
> From: Oren Watson via Unicode <unicode at unicode.org>
> 
> https://securelist.com/zero-day-vulnerability-in-telegram/83800/
> 
> You could disallow these characters in filenames, but when filename handling is charset-agnostic due to the
> extended-ascii principle this is impractical. I think a better solution is to specify a visible form of these
> characters to be used (e.g. through otf font variants) when security is of importance.

Emacs has a special function that searches a given region of a buffer
of text or of a text string for characters whose Bidi_Class property
has been overridden by RLO or LRO.  Emacs application programs can use
this function to detect and flag such regions of text, and prevent
such malicious attacks.
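The kind of check described in the message above, together with the "visible form" idea from the quoted message, as an added Python example. It is not Emacs's implementation and not code from either poster; the function names and sample strings are constructed for illustration, and the scan is simplified: it tracks LRE/RLE/LRO/RLO/PDF scopes but ignores isolates (LRI/RLI/FSI/PDI) and the nesting-depth limit.

```python
import unicodedata

# Explicit directional formatting characters, keyed by Bidi_Class.
OVERRIDES = {"LRO": "L", "RLO": "R"}          # direction forced on the scope
EMBEDDINGS = {"LRE", "RLE"}                   # open a scope, force nothing
DIRECTION = {"L": "L", "R": "R", "AL": "R"}   # strong classes -> direction


def find_overridden(text):
    """Return (start, end) spans of strong characters whose direction
    is changed by an enclosing LRO or RLO (simplified scan)."""
    stack, spans = [], []
    for i, ch in enumerate(text):
        bidi = unicodedata.bidirectional(ch)
        if bidi in OVERRIDES:
            stack.append(OVERRIDES[bidi])
        elif bidi in EMBEDDINGS:
            stack.append(None)
        elif bidi == "PDF":
            if stack:
                stack.pop()
        elif bidi == "B":
            stack.clear()  # a paragraph separator closes every open scope
        elif stack and stack[-1] and DIRECTION.get(bidi) not in (None, stack[-1]):
            # Strong character displayed against its own Bidi_Class.
            if spans and spans[-1][1] == i:
                spans[-1] = (spans[-1][0], i + 1)  # extend the current run
            else:
                spans.append((i, i + 1))
    return spans


def make_visible(text):
    """Replace invisible format characters (category Cf) with a visible tag."""
    return "".join(
        f"<U+{ord(c):04X}>" if unicodedata.category(c) == "Cf" else c
        for c in text
    )


if __name__ == "__main__":
    sample = "notes\u202Ecba.txt"  # constructed file name containing RLO
    print(find_overridden(sample), make_visible(sample))
```

A caller would flag or refuse any name for which `find_overridden` returns a non-empty list, and show the `make_visible` form to the user instead of the raw string.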

