[swift-evolution] Prohibit invisible characters in identifier names

Vladimir.S svabox at gmail.com
Mon Jun 20 13:26:09 CDT 2016


Very interesting.

Btw, IBM Swift Sandbox shows these spaces:
https://swiftlang.ng.bluemix.net/
But my mail client does not - i.e. I saw exactly the same "test"&"abc"

Also, I read about some issues with left-to-right and right-to-left markers 
that also somehow change the actual text of source - i.e. you see one text, 
but when it compiles - it works not as expected. I.e. viewer/editor 
processes these special codes and show you one text, but compiler treats 
text in another way.

I believe it is a potential security problem that all unicode chars are 
allowed for variables/func names in Swift. IMO We definitely should limit 
allowed charset for identifiers in sources.

On 20.06.2016 20:51, João Pinheiro via swift-evolution wrote:
> Recently there has been a screenshot going around Twitter about C++ allowing zero-width spaces in variable names. Swift also suffers from this problem which can be abused to create ambiguous, misleading, and potentially obfuscate nefarious code.
>
> I would like to propose a change to prohibit the use of invisible characters in identifier names.
>
> I'm including an example of problematic code at the bottom of this email.
>
> Sincerely,
> João Pinheiro
>
>
> /* The output for this code is:
>  A
>  B
>  C
>  1
>  2
>  3
>  */
>
> func test() { print("A") }
> func t​est() { print("B") }
> func te​st() { print("C") }
>
> let abc = 1
> let a​bc = 2
> let ab​c = 3
>
> test()
> t​est()
> te​st()
>
> print(abc)
> print(a​bc)
> print(ab​c)
> _______________________________________________
> swift-evolution mailing list
> swift-evolution at swift.org
> https://lists.swift.org/mailman/listinfo/swift-evolution
>


More information about the swift-evolution mailing list