Directionality controls for malicious code
Martin J. Dürst
duerst at it.aoyama.ac.jp
Thu Dec 2 00:35:17 CST 2021
I think it's correct that it is not possible to fix this in Unicode
itself. But that doesn't mean that it should be checked/warned by compilers.
There are many other tools involved, in particular editors. There are
probably way less serious editors than programming languages. Editors
can clearly show problematic characters, so that users can decide
whether they are dangerous or necessary (or both).
Regards, Martin.
On 2021-12-02 14:27, Sławomir Osipiuk via Unicode wrote:
> The burden of guarding against BiDi misuse should be on the programming languages and/or their compilers. I'm not sure why this hasn't been widely implemented yet. At minimum any BiDi controls within a source file should emit a warning during compilation, with compiler options available to error on any mixture of LTR and RTL text, or to whitelist specific files which are known to contain such a mixture with a valid cause, etc.
>
> There is nothing that can be done at the Unicode level to cater to coding languages that the coding languages can't do themselves via their own specifications and tools. Indeed it is far more appropriate for BiDi warnings and prohibitions to be tailored to the syntax of each language. (E.g. it may be generally "okay" for a line containing only a comment to mix directionality, but not for a line containing both code and comment).
>
> Sławomir Osipiuk
>
More information about the Unicode
mailing list