You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To prevent this tool from being attacked by various under cover unicode attacks, we must protect this code base from the same things that the tool tries to protect others from.
I feel like it would be iffy to rely on a self scan. Then a successful attack on unicop can then hide future attacks on unicop. Instead I think we should simply say that unicop is ASCII only, and use some much simpler way to just check for that. For example with iconv --from-code=ascii --to-code=ascii $file.
The text was updated successfully, but these errors were encountered:
To prevent this tool from being attacked by various under cover unicode attacks, we must protect this code base from the same things that the tool tries to protect others from.
I feel like it would be iffy to rely on a self scan. Then a successful attack on
unicopcan then hide future attacks onunicop. Instead I think we should simply say thatunicopis ASCII only, and use some much simpler way to just check for that. For example withiconv --from-code=ascii --to-code=ascii $file.The text was updated successfully, but these errors were encountered: