javascript allows[0] this invisible character in variable names... can you see it in your editor?
let goodbye = 1
let goodbye = 2
let goodbye = 2
The Good
In vscode,
In vim,
The Bad
In letz,
In github, which is surprising since a lot of code review gets done via their web interface?
They can be fed to xxd or vim to show you the character again.
They can be fed to xxd or vim to show you the character again.
Or you can search for ZWJs locally (but not on github?)
s@sa:~/src/letz$ grep -rnP '\x{200D}' src | sed -n 'l'src/routes/Code.svelte:21: let good\342\200\215bye = 2$
Really?
Vite|typescript will not have it:
But devtools will:
Oh Well
Could be exploited huh?
[0] https://262.ecma-international.org/14.0/#sec-names-and-keywords
No comments:
Post a Comment