Directionality controls for malicious code

Eli Zaretskii eliz at
Fri Dec 3 07:04:51 CST 2021

> Date: Fri, 3 Dec 2021 13:50:08 +0100
> From: Daniel Bünzli <daniel.buenzli at>
> Cc: unicode at
> I'm not suggesting to do *any* of what I mentioned in text editors :-) Text editors should just do regular UBA. 

Editors have better chance to catch user's attention.

Besides, what about the cases when you get a program compiled by
someone else and review its sources to see if you can trust it?

> These checks are meant to be done by the compiler on the sources they are fed with. Somehow the problem really looks like matching new kind of parentheses with a few twists. It would just be nice if we had a good description of the exact rules you need to enforce.

Compilers are much less likely to like your ideas, because your ideas
require an implementation of the UBA, which compilers didn't until now
have to do.

> Regarding the idea of text insertion to ensure text boundaries are respected I'm more thinking about templating. Suppose you have a template with fields to fill in with untrusted user input and you want to make sure the text remains contained to well specified boundaries. 

I'm not sure how this will help.  Program code can be written even in
a very simple text editor without any templates.  How can you tell
users to use templates?

More information about the Unicode mailing list