Hacker Read

int_19h | karma 21203 | avg karma 1.69 · 2017-03-03 03:14:27

"Bad" characters in this context is control characters. So no, it would not affect internationalization at all.

eriknstr | karma 1862 | avg karma 3.26 · 2017-03-03 10:52:05

I missed the portion where that was said. I read through all of the comments about this and replied to the last one thinking we were still talking about things like spaces and newlines. My comment would have been better placed as a reply elsewhere. Sorry about that.

Still though, even if we only block some control characters, doing so could lead to problems with future character encodings.

Personally I hope UTF-8 / UTF-16 / UTF-32 is the final set of character encodings but we can't know that it will be.

reply

webmaven | karma 13964 | avg karma 2.46 · 2017-03-05 03:58:22+00:00

> "Bad" characters in this context is control characters.

For sufficiently narrow definitions of "bad", sure.

It is probably a bad idea to allow mixed character-set filenames, as that allows homograph attacks[0], and there are other non-control characters like the zero-width space and it's brethren that should be disallowed across the board.

In English you probably also want to disallow ligature characters like ?, ?.[1]

There are other "good idea" limitations that may affect internationalization of various languages (not in terms of making it difficult, just constraining it, as in the above English ligature example).

For example, it is probably a good idea to disallow Hebrew diacritic symbols[2] like niqqud in filenames.

[0] https://en.wikipedia.org/wiki/IDN_homograph_attack

[1] https://en.wikipedia.org/wiki/Typographic_ligature#Ligatures...

[2] https://en.wikipedia.org/wiki/Hebrew_diacritics

reply

int_19h | karma 21203 | avg karma 1.69 · 2017-03-05 08:10:39

> It is probably a bad idea to allow mixed character-set filenames

As someone who would be affected by this directly, I can tell you right away this rule would be a no-go. I plainly need the ability to mix Latin and Cyrillic characters in my filenames. A filesystem or OS that wouldn't let me do so wouldn't even be considered.

A very simple rule of thumb is, if it is a title of a book (or a song, or a film etc), it should also be a valid filename.

reply

webmaven | karma 13964 | avg karma 2.46 · 2017-03-05 08:15:38

Interesting. Are those filenames used in contexts where homographs could be more than a minor annoyance?

int_19h | karma 21203 | avg karma 1.69 · 2017-03-05 12:42:36+00:00

I guess? If a malicious attacker could gain access to my FS and create homographs, figuring out which is which while browsing the filesystem would be non-trivial.

But I find it an unlikely attack vector to begin with. The main concern with homographs is in URLs and other external resources.

reply

webmaven | karma 13964 | avg karma 2.46 · 2017-03-09 03:41:15+00:00

I guess I am thinking of contexts like uploaded files, or shared network drives.

int_19h | karma 21203 | avg karma 1.69 · 2017-03-05 21:40:30+00:00

BTW, whether a character is or isn't a homograph depends very much on the font. For example, Cyrillic letter '?' has no obvious visual counterpart in Latin... but as soon as you use cursive, it becomes '?'. Which is visually indistinguishable from cursive 'u': 'u'.

Same thing with the letter '?': in cursive, it becomes '?', which in many (but not all) fonts looks the same as cursive 'm'.

reply