Launchpad should warn when non-ASCII characters are introduced in a merge proposal
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Confirmed
|
Low
|
Unassigned |
Bug Description
Hello,
We had an incident yesterday caused copy/pasting a parameter from a man page.
The parameter was :
--delete‐delay
which is very different from :
--delete-delay
Can you spot the difference ?
In the first case, the character between "delete" and "delay" is "‐", aka U+2010, named "hyphen".
In the second case, it's the boring ASCII dash/minus sign/hyphen.
The introduced parameter did not get accepted by the program and it breaking a script.
One layer of protection against this could be implemented in Launchpad, with a warning when a merge proposal introduces a non-ASCII character in a code base.
What are your thoughts on this ?
Note that non-ASCII characters can also be used to carry attacks through various ways, e.g. https:/
Thanks
summary: |
- Launchpad should warn when unicode characters are introduced in a merge - proposal + Launchpad should warn when non-ASCII characters are introduced in a + merge proposal |
Changed in launchpad: | |
status: | New → Confirmed |
tags: | added: code-review feature |
Changed in launchpad: | |
importance: | Undecided → Low |