Comments (4)
ju-sh
commented on June 27, 2024
Found an example here that says:
Memory: he said "<RLI>I NEED WATER!<PDI>", and expired.
Display: he said "!RETAW DEEN I", and expired.
But does it work differently in the early-return example?
from trojan-source.
nickboucher
commented on June 27, 2024
This is a great point -- the RLI character behaves strangely. The example that you reference comes from the de facto source of truth for a correct Unicode implementation, but that's not the behavior that I observe in practice.
Unicode Bidi implementations differ by application & OS, but rendering "I NEED WATER!" in Chromium-based browsers for me yields something that looks like "!I NEED WATER". For comparison, here's the encoded form for anyone reading to observe in their own browser:
I NEED WATER!
Experimentally, it appears to me that (at least in Chromium-based software) RLI affects neutral characters but not strong characters; or, rather, at least affects neutral and strong characters differently.
It's not immediately clear to me whether this behavior is in the Unicode Bidi spec, or whether this is a bug/undefined behavior in specific Bidi implementations.
from trojan-source.
ju-sh
commented on June 27, 2024
Thanks. I think in the example from the page for the bidi algorithm, they also use upper case characters as a kind of notation to represent a script written from right to left (or something like that, right?).
And do you know how is bidi pronounced? Is it 'bye-dye' or 'bee-dee'?
from trojan-source.
nickboucher
commented on June 27, 2024
I've heard it pronounced many different ways; I'm not sure that there's a consensus. Although it's a different "Bidirectional" there's a related thread about it here.
from trojan-source.
Related Issues (12)
- Python3 returns syntax error: HOT 1
- Does an homoglyphe function concerned by Trojan source? HOT 1
- Could we help developers detect and prevent issues of trojan source in their projects? HOT 8
- invisible-function.c and homoglyph-function.c cant be build with gcc <= 9.1, but successful with gcc 11.2
- The attack is known, not novel HOT 9
- Tools to detect possible attacks HOT 1
- ඞ
- That's poor editor attack vector not compiler/code/interpreter HOT 2
- Provide an example of propper use for reference HOT 1
- Early return and comment out in languages without closing comment token? HOT 2
- Variations on Stretched String HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trojan-source.