https://xenforo.com/community/threads/⠀.148984/
https://xenforo.com/community/threads/͏.148985/
https://xenforo.com/community/forums/test-messages.6/
Using these given unicode symbols:
https://en.wiktionary.org/wiki/⠀
https://en.wikipedia.org/wiki/Combining_Grapheme_Joiner
(notice the latter one is actually 0 width)
it's possible to create visible empty strings. While some links are still clickable depending on which characters are used, and technically those strings are not empty, this is really disturbing.
And in case they are not clickable, this is really a risky bug.
Additionally, it's really hard to even track those in the slightest bit because they're unicode characters.
Not to forget it's possible to generate an equivalent to
I'm pretty sure this is not a XF only, XF related or XF caused bug and I've talked to a PHP dev in private, but his suggestion is to utilize IntlChar. I'm not sure if it's worth creating an official bug report on their side, though, so yea.
https://xenforo.com/community/threads/͏.148985/
https://xenforo.com/community/forums/test-messages.6/
Using these given unicode symbols:
Code:
⠀
͏
https://en.wikipedia.org/wiki/Combining_Grapheme_Joiner
(notice the latter one is actually 0 width)
it's possible to create visible empty strings. While some links are still clickable depending on which characters are used, and technically those strings are not empty, this is really disturbing.
And in case they are not clickable, this is really a risky bug.
Additionally, it's really hard to even track those in the slightest bit because they're unicode characters.
Not to forget it's possible to generate an equivalent to
nbsp;
even though html parsing is deactivated or use multiple spaces when otherwise not permitted.I'm pretty sure this is not a XF only, XF related or XF caused bug and I've talked to a PHP dev in private, but his suggestion is to utilize IntlChar. I'm not sure if it's worth creating an official bug report on their side, though, so yea.
Last edited:
Upvote
1