Comments
https://compart.com/en/unicode/...
One might want to take a look at that...
Yes. One can make text look almost identical, yet have entirely different characters inside it.
I know of some ... brain damaged mother fucking piece of shit crapware ... which replaces regular quotes to prevent security issues like injection.
I cannot remember exactly which software it was, but I remember having such fun multiple times with different software.
hitko: @netikras If you type "hello" into most document editing apps (Word, Google Docs, etc.), it's going to automatically change it to “hello” (note the difference in the quotation marks). Many markdown parsers, CMSs, static content generators, and rich text editors do the same when rendering content, and some popular ones still perform just a simple search and replace instead of doing it properly.
@hitko this fucking shit always annoys me.
For example, in some fonts, MS Word will trigger the change only if you add a space after the quote.
Word also changes the dash “-” to a different version, but that is triggered after you put a word and a space after the word after the dash.
Could be worse... could be where they post SCREENSHOTS of the snippet instead of a text-based one...
Sad to say, this is a true story I've encountered too many times to count.
@IntrusionCM "to prevent security issues"
That tells me they have no idea what they're doing and append user input directly to commands/queries instead of the proper way (whatever the library offers)
Same shit with HTML escaping when putting it in a database compared to directly before embedding it in the website.
I've also seen software do:
1. replace parentheses in code with a similar looking unicode character
2. base64 encode it (only takes up 3x more space)
3. put it in JSON
... wtf?
Why do so many online resources still change quote characters in the code for the curly ones? It's 2023, how hard is it to add a fucking rule to skip conversion inside the <code> blocks?
rant
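The "skip conversion inside code" rule the rant asks for, as an added Python example (not from devRant or any of the commenters), assuming a simple Markdown-style convention of backtick code spans and triple-backtick fences: quotes are smartened only in prose, and curly quotes that a naive search-and-replace has already left inside code can be located and repaired.

```python
import re

# Typographic characters that break code when they replace their ASCII form.
CONFUSABLE_TO_ASCII = {
    "\u201c": '"', "\u201d": '"',   # “ ”  double quotes
    "\u2018": "'", "\u2019": "'",   # ‘ ’  single quotes
    "\u2013": "-", "\u2014": "-",   # – —  dashes
    "\u00a0": " ",                  # non-breaking space
}

# Fenced blocks first (may span lines), then inline spans. The capturing
# group makes re.split() return the code segments at odd indices.
_CODE = re.compile(r"(```.*?```|`[^`\n]*`)", re.S)


def _smarten_prose(s: str) -> str:
    """Straight -> curly quotes for prose only: a quote at the start or after
    whitespace/open bracket is an opening quote, anything else closes."""
    s = re.sub(r'(^|[\s(\[{])"', lambda m: m.group(1) + "\u201c", s)
    s = s.replace('"', "\u201d")
    s = re.sub(r"(^|[\s(\[{])'", lambda m: m.group(1) + "\u2018", s)
    s = s.replace("'", "\u2019")
    return s


def smarten_outside_code(text: str) -> str:
    """Smarten quotes in prose while leaving every code span/fence untouched."""
    parts = _CODE.split(text)
    return "".join(p if i % 2 else _smarten_prose(p) for i, p in enumerate(parts))


def find_confusables(code: str):
    """List (line, col, char, ascii) for typographic chars found inside code,
    e.g. after copying a snippet from a page that already mangled it."""
    hits = []
    for lineno, line in enumerate(code.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in CONFUSABLE_TO_ASCII:
                hits.append((lineno, col, ch, CONFUSABLE_TO_ASCII[ch]))
    return hits


def repair_code(code: str) -> str:
    """Map the typographic look-alikes back to their ASCII originals."""
    return "".join(CONFUSABLE_TO_ASCII.get(ch, ch) for ch in code)


if __name__ == "__main__":
    sample = 'He said "hi" and ran `print("hi")` then:\n```\nx = "a"\n```\n'
    print(smarten_outside_code(sample))          # prose smartened, code intact
    print(find_confusables("print(\u201chi\u201d)"))  # two curly quotes flagged
```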