| ▲ | develatio 4 days ago | |
and "that's it"? I mean, it does sound like it might introduce unexpected UI behaviour, but are there any other more serious / dangerous consequences? | ||
| ▲ | yencabulator 4 days ago | parent | next [-] | |
One of my pet peeves is when UIs don't clearly constrain and delineate the extent of user-controlled text. Plenty of phishing attacks have relied on having attacker-controlled input seem authoritative, e.g. getting gmail to repeat back something to the victim. | ||
| ▲ | JimDabell 4 days ago | parent | prev | next [-] | |
Making any page that mentions you – including admin pages that might be used to disable your account – become unreadable is bad enough. Another comment linked to this: | ||
| ▲ | immibis 3 days ago | parent | prev | next [-] | |
Yes, dangerous consequences of unexpected UI behaviour: imagine writing a URL backwards with a right-to-left override, and it clearly says www.yourbank.example but it goes to www.evilsite.example/example.yourbank.www | ||
| ▲ | LikesPwsh 4 days ago | parent | prev [-] | |
RTL lets you obfuscate file extensions. E.g. Annexe.txt (that you might assume would be safely opened by a text editor) could actually be Ann\u202Etxt.exe, a dangerous executable. | ||