[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trojan Source detection/highlight in Emacs?

From: Stefan Monnier
Subject: Re: Trojan Source detection/highlight in Emacs?
Date: Tue, 02 Nov 2021 10:14:01 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

>> if access_level != "user{U+202E} {U+2066}// Check if admin{U+2069}
>> {U+2066}" {
>> ...would be rendered by bidirectional-aware tools as:
>> if access_level != "user" { // Check if admin
>> This would give the reader the mistaken impression that the program is
>> comparing admin_level with the value "user".
> Clearly, Eli will know better, but I suspect that we may be able to
> avoid most of those issues by (conceptually) treating comment delimiters
> as bidi barriers.  Of course, that leaves open the question of what
> I mean by "bidi barrier" and of how to implement it ;-)

Tho, actually, the problem is more pronounced since bidi can also be
used within a string (as shown above already) as well as within
identifiers (tho language may opt to disallow them there).

So my suggestion above would have to be extended to treat string
delimiters as barriers, and similarly for "identifier delimiters"
(i.e. whitespace, infix operators/punctuation, ...) tho not when within
comments or strings.
And of course, the specifics are all language-dependent.
Clearly non-trivial.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]