Directionality controls for malicious code

Eli Zaretskii eliz at gnu.org
Thu Dec 2 02:13:50 CST 2021


> Date: Thu, 2 Dec 2021 15:35:17 +0900
> From: Martin J. Dürst via Unicode <unicode at corp.unicode.org>
> 
> There are many other tools involved, in particular editors. There are 
> probably way less serious editors than programming languages. Editors 
> can clearly show problematic characters, so that users can decide 
> whether they are dangerous or necessary (or both).

Just showing the bidi controls to the user will not necessarily allow
the user to make that decision.  Most users don't have a working
understanding of the UBA, even if they do use RTL scripts.  The editor
should avoid making these controls stand out unless their use in the
specific context is highly questionable, and it should provide some
clear enough explanation for the users to understand the issue.  For
example, since most editors provide logical-order cursor movement,
suggesting that the user moves the cursor across the problematic text,
one character at a time, could go a long way towards the goal of
providing the user with pertinent information to make an informed
decision.


More information about the Unicode mailing list