Open Bug 320273 Opened 19 years ago Updated 17 years ago

BiDi: request for a "BiDi balancing function" to avoid BiDi overlapping between objects

Categories

(Bugzilla :: Bugzilla-General, enhancement)

People

(Reporter: gangleri, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

Hello!

Please take a look at http://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=3253#c1 . The links beside Comment #1 (there) are messy. This is already reported as
[Bugzilla Bug 319331] mailto link generated with BiDi user name and email address gets mangled with timestamp

But the *new* example is also using a
RLO = Unicode Character LEFT-TO-RIGHT OVERRIDE - U+202D
HTML Entity (decimal) &#8237; – (hex) &#x202d;
UTF-8 (hex) 0xE2 0x80 0xAD (e280ad) %E2%80%AD %e2%80%ad
*without* the corresponding
PDF = Unicode Character POP DIRECTIONAL FORMATTING - U+202C
HTML Entity (decimal) &#8236; – (hex) &#x202c;
UTF-8 (hex) 0xE2 0x80 0xAC (e280ac) %E2%80%AC %e2%80%ac

I experienced / tested many situations where information is displayed as
follows:

object_a object_b object_c ... object_foo

is rendered properly.

If in one of the objects the BiDi punctuation is not "balanced" the whole list
is affected.

This can happen:
- by mistake
- as a malicious attack

Please verify where Bugzilla is affected.
Please verify where Chatzilla is affected.
Many pages can be broken if the BiDi direction defined in one object influences across the list. I did not experience this in tables as Bugzilla-tool search.

More details are available at the bug report at landfill and at the bugs there depending on the first. See *testcases*

In a chat with justdave the question was raised if it is possible to insert Javascript. I never worked with Java. However the field length for username (and other fields) is limited. There might be other places to insert it.


I work on similar BiDi issues at MediaWiki. Would be happy about any feedback (letting me know about the correct algorithm to create a "BiDi balancing function") to implement such a function at MediaWiki.

Thanks in advance!

best regards reinhardt [[user:gangleri]]

*testcases*
dupe: http://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=3235
== does the Bugzilla product need / have a "BiDi balancing function" to avoid BiDi overlapping between objects
http://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=3254
== Your real name" can break various page areas
http://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=3255
== TEST: test bug for "BiDi and general BiDI punctuation characters" [[‮resu ladnav ‭‬]]
from here the text is reversed if UTF-8 is not converted ---
---- detrevnoc ton si 8-FTU fi desrever si txet eht ereh morf
http://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=3257
== BiDi issues related to generated e-mails

Reproducible: Always

Steps to Reproduce:
If your bugzilla configuration allows the usage of Unicode, just insert or copy an RLO character in your username.



The problem will persist as long as the / (my) user name is not changed or as long as the "BiDi balancing function" is not implemented or the BiDi general punctuation characters are blocked.

As discussed on IRC, I see no security issue here. Only a small UI issue.
Group: webtools-security

smontagu: this is probably a bugzilla thing rather than browser, but CCing you with hopes of some insight. :)  This is all new to us.
Depends on: 319331
Whiteboard: [blocker will fix]

On second thought, this is not exactly a [blocker will fix] thing. Maybe we should keep this open if we really get around to implementing a BiDi balancing algorithm.

For now (read: for 2.22), I think we should focus on bug 319331.
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [blocker will fix]
Target Milestone: --- → Future

Correct Bidi balancing would be a little tricky to implement. One would have to compute the embedding level at the end of the object according to http://www.unicode.org/reports/tr9/index.html#Explicit_Levels_and_Directions and then add enough PDFs to bring the embedding level back to zero.

For reference, our implementation of these rules for the browser is in nsBidi::ResolveExplicitLevels() at http://lxr.mozilla.org/seamonkey/source/layout/base/nsBidi.cpp#565

Also, what I am quoted as saying in bug 319331 comment 0 is not quite right:

 <smontagu> the bug with the mangled ordering could also be fixed by
  style="direction: ltr; unicode-bidi: embed;"

That works great if the object contains one RLO character, but if it contains two, it has no net effect.
Target Milestone: Future → ---
Blocks: 406462
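
A sketch of the balancing step described in the comments above (count the explicit levels still open at the end of an object, then append that many PDFs), written as an added example and not taken from Bugzilla, MediaWiki or nsBidi. It goes beyond the thread by also closing the isolate controls (LRI/RLI/FSI with PDI), and it assumes that stray closers should be dropped so one object cannot pop a level opened by the surrounding page; the UAX #9 depth limit is not modeled, and the function names are hypothetical.

```python
# Added example: balance explicit bidi controls inside one display object
# (user name, comment header, list item) before it is placed on a page.
LRE, RLE, PDF, LRO, RLO = "\u202a", "\u202b", "\u202c", "\u202d", "\u202e"
LRI, RLI, FSI, PDI = "\u2066", "\u2067", "\u2068", "\u2069"
EMBED_OPENERS = {LRE, RLE, LRO, RLO}
ISOLATE_OPENERS = {LRI, RLI, FSI}


def _scan(text):
    """Return (kept characters, stack of closers still owed at the end)."""
    kept, owed = [], []
    for ch in text:
        if ch in EMBED_OPENERS:
            owed.append(PDF)
        elif ch in ISOLATE_OPENERS:
            owed.append(PDI)
        elif ch == PDF:
            # A PDF only closes an embedding/override on top of the stack;
            # otherwise it is stray and is dropped (assumption, see lead-in).
            if not owed or owed[-1] != PDF:
                continue
            owed.pop()
        elif ch == PDI:
            if PDI not in owed:
                continue  # stray PDI: dropped
            # A PDI also ends any embeddings opened inside its isolate.
            while owed.pop() != PDI:
                pass
        kept.append(ch)
    return kept, owed


def unclosed_levels(text):
    """Number of explicit levels still open at the end of the object."""
    return len(_scan(text)[1])


def balance_bidi(text):
    """Drop stray closers and append closers for every level left open."""
    kept, owed = _scan(text)
    return "".join(kept) + "".join(reversed(owed))


if __name__ == "__main__":
    # Constructed sample modeled on the test case: RLO, text, LRO, PDF.
    sample = RLO + "resu ladnav " + LRO + PDF
    print(unclosed_levels(sample), ascii(balance_bidi(sample)))
```

Because the closers are counted per opener, an object containing two RLO characters gets two PDFs, which is the case the `unicode-bidi: embed` wrapper does not cover.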