Hidden unicode characters (Trojan Source) #4576
Comments
Do you have a list of such characters? Displaying them as red dots would be very easy. Displaying code the way Atlassian does will be harder but should be possible as well.
Yes, there is a list. Red dots or something similar is an interesting idea. Basically an obvious hint that something is wrong/strange with the script. Obviously, there are legit cases for these characters in code. What I am more concerned about is copy&pasting code from the Internet or if someone sends you code that has been altered for bad causes.
Fixed by this PR and released in version 1.15.0: #4693
Hi,
in light of the recent "Trojan Source" publication about hidden Unicode control characters doing bad things, I checked how the Ace Editor handles this.
As you can see, you really cannot see that something is wrong. Yes, the comment looks a little bit strange, but if you are someone who just copies and pastes scripts, you might not be familiar with this.
We tried to show the hidden characters but this does not really improve the situation:
I wonder if it is possible to show the hidden Unicode characters with Ace. E.g., like Atlassian handles this now:
Is there any way to achieve this with the current version of Ace?
Thanks in advance!
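An added example, not part of the original issue and not Ace's own code: one way to locate the bidirectional control characters from the Trojan Source paper in pasted text and render them as visible markers before the text reaches an editor. The function names and the sample text are assumptions made up for this illustration.

```javascript
// Added example; function names are hypothetical and no Ace API is used.
// The nine bidirectional control characters described in the Trojan Source paper.
const BIDI_CONTROLS = new Map([
  [0x202a, "LRE"], [0x202b, "RLE"], [0x202d, "LRO"], [0x202e, "RLO"],
  [0x2066, "LRI"], [0x2067, "RLI"], [0x2068, "FSI"],
  [0x202c, "PDF"], [0x2069, "PDI"],
]);
const CLOSERS = new Set(["PDF", "PDI"]);
const label = (cp) => "U+" + cp.toString(16).toUpperCase().padStart(4, "0");

// One finding per control character: 1-based row, 0-based UTF-16 column.
function findBidiControls(source) {
  const findings = [];
  source.split(/\r\n|\r|\n/).forEach((text, i) => {
    for (let col = 0; col < text.length; col++) {
      const cp = text.charCodeAt(col);
      const name = BIDI_CONTROLS.get(cp);
      if (name) findings.push({ row: i + 1, col, codePoint: label(cp), name });
    }
  });
  return findings;
}

// Rows where the number of opening controls differs from the number of closers (PDF/PDI).
function unbalancedRows(findings) {
  const depth = new Map();
  for (const f of findings) {
    depth.set(f.row, (depth.get(f.row) || 0) + (CLOSERS.has(f.name) ? -1 : 1));
  }
  return [...depth].filter(([, d]) => d !== 0).map(([row]) => row);
}

// Replace each control with a visible marker so the logical character order is readable.
function revealBidiControls(text) {
  return text.replace(/[\u202A-\u202E\u2066-\u2069]/g,
    (ch) => "<" + label(ch.charCodeAt(0)) + ">");
}

// Constructed sample text: row 2 has two unclosed controls, row 3 a closed isolate.
const SAMPLE = [
  "const limit = 10;",
  "// note \u202E\u2066 reviewed",
  "const s = 'a\u2067b\u2069c';",
].join("\n");

console.log(findBidiControls(SAMPLE), unbalancedRows(findBidiControls(SAMPLE)));
console.log(revealBidiControls(SAMPLE));
```

The row and column values can drive whatever marker a UI prefers, such as the red dots suggested in the comments; rows reported by `unbalancedRows` deserve the closest look, although paired controls can also reorder text.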