Directionality controls for malicious code

Mark Davis ☕️ mark at
Thu Dec 2 12:51:19 CST 2021

The UBA explicitly carves out room for specialized text handling in The goal of that
is to allow editors to handle bidi ordering in a sensible (and not
misleading) fashion in environments such as programming language editing,
specifically so that tokens are 'self-contained' and the ordering among
tokens is clear.

(There needs, however, to be more and clearer examples and guidance in
the UBA, #31, #36, and #39.)


On Thu, Dec 2, 2021 at 10:33 AM Eli Zaretskii via Unicode <
unicode at> wrote:

> > Date: Thu, 2 Dec 2021 16:19:12 +0100
> > From: Daniel Bünzli <daniel.buenzli at>
> > Cc: unicode at
> >
> > I'm not familiar enough with the bidi algorithm but for example it seems
> that unbounded RLO or RLI in a span should be forbidden unless they are
> properly balanced with a matching PDI or PDF
> The UBA mandates that all embeddings end at paragraph end, i.e. at a
> newline.  So unterminated embeddings and isolates behave exactly as
> terminated ones do, and requiring the embeddings and isolates to be
> properly terminated will only catch sloppy malicious tinkering with
> these controls, it won't catch the non-sloppy ones.
> > But I'm sure the problem is much more complex than that and I'd be
> curious if people in the know of the algorithm have an idea on how to go
> about it.
> I did have some ideas, and implemented detection of suspicious
> reordering for Emacs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Unicode mailing list