-
Notifications
You must be signed in to change notification settings - Fork 29k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Highlight confusable Unicode characters #136437
Comments
@Kroc I apologize for missing or not answering to your later comments from #1727. I don't exactly remember what happened back then, but I can speculate that perhaps the issue started out as a discussion about rendering all characters as monospace (like e.g. in a terminal) and I considered that to be a feature request when I saw that Chromium does the same rendering that we do. Later the discussion mentioned that there might be security implications, but what was mentioned was watermarked content using zwj, which is not a security problem per se, it is a privacy problem (AFAIK watermarked content might be used to track down a specific person that might have copy-pasted content). While this is a known problem since more than 10 years, I think the merit of https://www.trojansource.codes/ is that they have shown a way to weaponize it. Also, AFAIK no editors today try to tackle confusables, like e.g.:
I want to apologize if I missed your point. Please, if you find any security problems with VS Code use the steps documented at https://github.com/microsoft/vscode/blob/main/SECURITY.md to bring the security problem to our attention . |
@hediet A first implementation could focus just on https://www.unicode.org/Public/security/14.0.0/IdentifierStatus.txt and would highlight |
updated
UNTRUSTED WORKSPACES:
TRUSTED WORKSPACES:
highlight unexpected invisibles code points (on by default) ---> boolean
highlight unexpected confusable code points ---> boolean (linting feature)
-> try to start with NO setting to define further "exceptions" for confusables
The text was updated successfully, but these errors were encountered: