|
|
|
|
|
|
by like_any_other
96 days ago
|
|
|
Invisible characters, lookalike characters, reversing text order attacks [1].. the only way to use unicode safely seems to be by whitelisting a small subset of it. And please, everyone arguing the code snippet should never have passed review - do you honestly believe this is the only kind of attack that can exploit invisible characters? [1] https://attack.mitre.org/techniques/T1036/002/ |
|
|