Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Related: we built a homoglyph linter for Go source code, to help detect potentially malicious homoglyph substitution: https://github.com/NebulousLabs/glyphcheck

UTF-8 source code is nice for i18n, but it also opens the door to these kinds of attacks.



That’s a good start, but unless I’m misreading it[1] the range of homoglyphs it checks for is rather small. You might be better off importing the Unicode Consortium’s list of ‘confusables’[2] if you’re planned automated linting.

[1] https://github.com/NebulousLabs/glyphcheck/blob/f6483dd9e97a...

[2] http://www.unicode.org/Public/security/latest/confusables.tx...


Whereas, in Perl, we have a module for executable whitespace: http://www.perlmonks.org/?node_id=270023

Damian Conway is a wonderful mad genius.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: