WIP: Add Ambiguous Character Detection to Description, FullName and others

[zeripath]

Users can change their description, full-names and others to include
ambiguous and invisible characters which may lead to misleading
information.

This PR adds ambiguous/invisible character detection to these fields.

Signed-off-by: Andrew Thornton [email protected]

[silverwind]

Does seem a bit over-the-top to me as in theory, any user-provided content can include those characters. In code it does somewhat makes sense to detect possible trickery, but I wonder if we really need to expand this mechanism outside code.

[zeripath]

Does seem a bit over-the-top to me as in theory, any user-provided content can include those characters. In code it does somewhat makes sense to detect possible trickery, but I wonder if we really need to expand this mechanism outside code.

It's really not over the top.

The user's full name is displayed in several places. Look at the following:

Αոԁгеԝ Тһοгոtοո

Only one of those letters is in the ASCII range.

The user's location and website are all displayed directly to the user.

The email address is displayed on the admin pages and this could be very confusing indeed.

Whether we should be confusable checking commit messages I don't know but the others seem serious enough to me.

[wxiaoguang]

I do not think it's right to detect Ambiguous Character everywhere.

It already causes a lot of complains for the wiki pages, but nobody ever complains "there is no Ambiguous Character detection".

So I would suggest to close this PR.

[silverwind]

I agree. It's a nice idea in theory but I think no one wants to see a warning just because the put a non-standard quote somewhere. It only is relevant to code, and even there, the current detection is too aggressive.

So I think we should not extend this beyond code and trim down to the detection to only warn on really nefarious stuff like unicode writing mode change characters and such.

See:

#23682
#23149
#24483