Directionality controls for malicious code
public at khwilliamson.com
Tue Nov 30 12:38:48 CST 2021
It is possible to make text appear to be other than what it really is by
using BiDi controls.
Such text may be be in the form of computer code, which could allow a
trojan horse attack by sneaking stuff past human code reviewers.
I have not studied the BiDi algorithm, so this may be naive.
Is there any legitimate use of BiDi controls in text that doesn't have a
mixture of LtoR and RtoL strings?
If not, and since there are relatively few scripts of RtoL characters,
is there any legitimate use of BiDi controls outside of script runs of
If not, then could the Bidi control characters be made to have their scx
property value be all the RtoL scripts, and software such as git could
warn or forbid text of mixed scripts?
Or could a new property be created that allowed for machine detection of
More information about the Unicode