by Arrowmaster 99 days ago
Honestly I was expecting more. There are many languages that support Unicode in variable or function names and I expected it to be used there.

It sounds like Python only allows approved Unicode characters to start a variable name but if it allowed any you could do something like `nonprintable = lambda x: insert exploit code here`. If that was hidden in what looked like a blank line between other additions would you catch it?

I'm sure there's some other language out there that has similar syntax and lax Unicode rules this could be used in.

The solution is that this and many other Unicode formatting characters should be ignored and converted to a visible indicator in all code views when you expect plain text.

1 comments

> The solution is that this and many other Unicode formatting characters

This isn't about formatting characters, this is about private use characters.
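One way to implement the "visible indicator" idea from the parent comment, covering both the format characters it mentions and the private-use characters raised in the reply. This is an added example, not code from either commenter; the names `is_hidden`, `reveal` and `scan` and the `<U+XXXX>` marker format are assumptions, and the sample input is constructed.

```python
import unicodedata

# General categories that render as nothing (or unpredictably) in most code views:
# Cf = format (zero-width, bidi controls), Co = private use, Cn = unassigned,
# Cc = control characters, Zl/Zp = Unicode line and paragraph separators.
HIDDEN_CATEGORIES = {"Cf", "Co", "Cn", "Cc", "Zl", "Zp"}
ALLOWED_CONTROLS = {"\t", "\n", "\r"}


def is_hidden(ch):
    """True if ch should never appear unannounced in plain-text source."""
    if ch in ALLOWED_CONTROLS:
        return False
    return unicodedata.category(ch) in HIDDEN_CATEGORIES


def reveal(text):
    """Return text with every hidden code point replaced by a visible <U+XXXX> marker."""
    return "".join(f"<U+{ord(ch):04X}>" if is_hidden(ch) else ch for ch in text)


def scan(source):
    """Return (line, column, code_point, category) for each hidden character."""
    findings = []
    # Split on "\n" only: str.splitlines() would swallow U+2028 and similar.
    for lineno, line in enumerate(source.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if is_hidden(ch):
                findings.append(
                    (lineno, col, f"U+{ord(ch):04X}", unicodedata.category(ch))
                )
    return findings


# Constructed sample: line 2 looks blank but holds two private-use characters,
# line 3 hides a zero-width space (a format character) inside an identifier.
SAMPLE = "x = 1\n\uE000\U000F0041\nto\u200btal = x + 1\n"

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(reveal(SAMPLE))
```

Run over a diff or a pre-commit hook's staged files, `scan` gives reviewers the line and column to inspect, and `reveal` is the form a code view could display in place of the raw text.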