Directionality controls for malicious code

Sławomir Osipiuk sosipiuk at
Wed Dec 1 23:27:06 CST 2021

The burden of guarding against BiDi misuse should be on the programming languages and/or their compilers. I'm not sure why this hasn't been widely implemented yet. At minimum any BiDi controls within a source file should emit a warning during compilation, with compiler options available to error on any mixture of LTR and RTL text, or to whitelist specific files which are known to contain such a mixture with a valid cause, etc.

There is nothing that can be done at the Unicode level to cater to coding languages that the coding languages can't do themselves via their own specifications and tools. Indeed it is far more appropriate for BiDi warnings and prohibitions to be tailored to the syntax of each language. (E.g. it may be generally "okay" for a line containing only a comment to mix directionality, but not for a line containing both code and comment).

Sławomir Osipiuk

More information about the Unicode mailing list