Hi! > > It checks whitespace because that's something that's commonly a source > > of patch corruption. I'm not adverse to adding this to core.whitespace, > > but trying to catch malicious injected code seems like a rather big > > expansion of its scope, particularly since: > > > > "[...]sending patches for docs actually written in RTL languages[...]" > > > > Or just code? People write comment and even in their native languages, > > and not all projects are as anglo-centric as those hosted on kernel.org. > > My comment about docs was purely within the scope of the Linux kernel. > > I think the following would be a sane check: > > 1. are there unicode control characters (CCs) present? > 2. are there other characters from RTL languages present in the same line? > > if both 1 && 2 are true, this is a legitimate use of Unicode CCs. If only 1 is > true, then it's likely worth a warning. > > Maybe even relax #2 to just check for unicode characters above a certain > barrier where RTL languages live. I think everyone will agree that if there > are unicode CCs and no other unicode characters in that same line, it's likely > not a legitimate use of control characters. If you are worried about malicious patches, then it should be easy for attackers to add some RTL characters and escape the check... Best regards, Pavel -- http://www.livejournal.com/~pavelmachek
Attachment:
signature.asc
Description: PGP signature
