Nitai Sasson wrote: > Just repeating this. I think everybody missed this because I sent it > during the holiday season.
I read the proposal, and I can’t help worrying about the potential security implications of left arrows that look like right arrows and vice versa. I know there is a three-sentence “Security” section at the bottom of the proposal, which basically says to denylist the proposed control character(s) in domains where such a facility exists (like IDN), but for commonplace characters like arrows, I can imagine many additional opportunities for troublemakers to make trouble. UTS #55 in particular might need several new examples; there are programming languages that use Unicode arrows. I am certain that someone with better knowledge of security and (especially) bidi will be along shortly to show how wrong I am. -- Doug Ewell, CC, ALB | Lakewood, CO, US | ewellic.org
