[Bug 62049] New: Abuse filters can be fooled by using U+200B ZERO WIDTH SPACE (ccnorm doesn't remove/normalize them)

bugzilla-daemon Fri, 28 Feb 2014 04:18:07 -0800

https://bugzilla.wikimedia.org/show_bug.cgi?id=62049


            Bug ID: 62049
           Summary: Abuse filters can be fooled by using U+200B ZERO WIDTH
                    SPACE (ccnorm doesn't remove/normalize them)
           Product: MediaWiki extensions
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: AntiSpoof
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected]
       Web browser: ---
   Mobile Platform: ---

As you can check on
https://test.wikipedia.org/wiki/Special:AbuseFilter/tools
ccnorm("BAD")!==ccnorm("BAD")
where the first string has just 3 characters and the second one has a few
invisible characters inside it.

Therefore, anyone can fool abuse filters which try to avoid ofenses, badwords,
etc.. by just copying invisible characters in the text.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 62049] New: Abuse filters can be fooled by using U+200B ZERO WIDTH SPACE (ccnorm doesn't remove/normalize them)

Reply via email to