Ecma-48 proposed styling controls update updated & math expression representation proposal update

Kent Karlsson kent.b.karlsson at bahnhof.se
Thu Jan 11 14:21:11 CST 2024



> 11 jan. 2024 kl. 14:44 skrev Marius Spix via Unicode <unicode at corp.unicode.org>:
> 
> 
> Here is an interesting article, how escape sequences can be used to hide malicious context in source code: https://www.infosecmatter.com/terminal-escape-injection/

Thanks for the reference. It is a bit ironic that an article about security is sprinkled with clickbait ads. At least it was for me. But it makes it impossible to include as a reference in any proposal document.

Yes, there are security concerns. I did include a security aspects section. But I did not mention presentation component editing. I do not plan to propose any changes or additions to presentation component editing controls. IIUC they are sufficient as they are. But I did include that uninterpreted control codes, control sequences, and control strings should be displayed (i.e. not be invisible), and that keyboard input control sequences as well as presentation component editing control sequences must be uninterpreted in a text editor. Regarding ‘cat’ etc., I think they unfortunately are unsalvageable.

> This would not happen with human-readable markup like HTML

The problem discussed is unrelated to control sequences vs. tags. But it is related to the presence of presentation component (read: display) edit control sequences in ECMA-48, which are not at all covered by my proposal.

/Kent K
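
One way a viewer or review tool can display uninterpreted ECMA-48 control codes, control sequences and control strings instead of leaving them invisible, as the message above asks for. This is an added example, not part of the original message or of the proposal; `scan`, `visible` and the sample string are names and data constructed here, and leaving HT and LF untouched is a choice made for this example.

```python
import re

# ECMA-48 syntax in 7-bit (ESC Fe) and 8-bit (C1) forms, matched on code points.
PATTERNS = [
    # DCS, SOS, OSC, PM or APC, then the string body, then ST
    ("control string",
     r"(?:\x1b[PX\]^_]|[\x90\x98\x9d-\x9f])[\s\S]*?(?:\x1b\\|\x9c)"),
    # CSI, parameter bytes 0x30-0x3F, intermediate bytes 0x20-0x2F, final 0x40-0x7E
    ("control sequence", r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]"),
    # ESC, intermediate bytes 0x20-0x2F, final byte 0x30-0x7E
    ("escape sequence", r"\x1b[ -/]*[0-~]"),
    # Any remaining C0/C1 control code or DEL (HT and LF are deliberately kept)
    ("control code", r"[\x00-\x08\x0b-\x1f\x7f-\x9f]"),
]
SCANNER = re.compile("|".join(f"(?P<g{i}>{p})" for i, (_, p) in enumerate(PATTERNS)))


def visible(chunk):
    """Replace every control character in chunk with a printable \\xNN form."""
    return "".join(
        f"\\x{ord(c):02x}" if ord(c) < 0x20 or 0x7F <= ord(c) <= 0x9F else c
        for c in chunk
    )


def scan(text):
    """Return (safe_text, findings); each finding is (offset, kind, visible form)."""
    findings = []

    def show(match):
        kind = PATTERNS[int(match.lastgroup[1:])][0]
        shown = visible(match.group())
        findings.append((match.start(), kind, shown))
        return shown

    return SCANNER.sub(show, text), findings


# Constructed sample: CSI in 7-bit and 8-bit form, an OSC string, and a BEL.
SAMPLE = "a = 1\x1b[1A\x1b]0;t\x1b\\\x9b31mred\x07\tok\n"

if __name__ == "__main__":
    safe, found = scan(SAMPLE)
    print(safe, end="")
    for offset, kind, shown in found:
        print(f"offset {offset}: {kind}: {shown}")
```

An unterminated control string is not swallowed: its introducer is reported as an escape sequence and the rest is shown as ordinary text.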
