Trojan Source and Python

Post Syndicated from original https://lwn.net/Articles/875964/rss

The Trojan Source vulnerabilities have been rippling through various development communities since their disclosure on November 1. The oddities that can arise when handling Unicode, and bidirectional Unicode in particular, in a programming language have led Rust, for example, to check for the problematic code points in strings and comments and, by default, refuse to compile if they are present. Python has chosen a different path, but work is underway to help inform programmers of the kinds of pitfalls that Trojan Source has highlighted.
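As an added illustration (not code from the article, from Rust, or from the Python project), the following sketch applies the same kind of check to Python source: it tokenizes a file and reports bidirectional control characters found in string literals and comments. The function name `find_bidi_controls` and the `SAMPLE` input are constructed for this example, and the input is assumed to tokenize cleanly.

```python
import io
import tokenize
import unicodedata

# Bidirectional formatting characters: embeddings, overrides, isolates
# and the characters that terminate them.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
}

# Token kinds whose text is free-form: string literals and comments.
# Python 3.12+ reports f-string bodies as FSTRING_MIDDLE instead of STRING.
TEXT_TOKENS = {tokenize.STRING, tokenize.COMMENT}
if hasattr(tokenize, "FSTRING_MIDDLE"):
    TEXT_TOKENS.add(tokenize.FSTRING_MIDDLE)


def find_bidi_controls(source):
    """Return (line, column, code point, token kind) for each bidi control
    character inside a string literal or comment of `source`."""
    findings = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type not in TEXT_TOKENS:
            continue
        line, col = tok.start
        for ch in tok.string:
            if ch in BIDI_CONTROLS:
                kind = tokenize.tok_name[tok.type]
                findings.append((line, col, f"U+{ord(ch):04X}", kind))
            # Triple-quoted strings span lines, so track position per character.
            if ch == "\n":
                line, col = line + 1, 0
            else:
                col += 1
    return findings


# Constructed sample input: the controls are written as escapes here so
# that they stay visible in this listing.
SAMPLE = (
    'greeting = "hello"\n'
    'label = "abc\u202edef\u202c"\n'
    'total = 1  # note \u2066ok\u2069\n'
)

if __name__ == "__main__":
    for line, col, codepoint, kind in find_bidi_controls(SAMPLE):
        name = unicodedata.name(chr(int(codepoint[2:], 16)))
        print(f"line {line}, column {col}: {codepoint} {name} in {kind}")
```

A check like this can run as a pre-commit hook or CI step, failing the build when the returned list is non-empty.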