Bidirectional characters warning in Atlassian products
Problem
The following message is displayed when hovering over highlighted Unicode characters in Atlassian products including Bitbucket, Jira, Confluence, and others.
Bidirectional characters change the order that text is rendered.
This could be used to obscure malicious code.
Here's an example of the message appearing in a code block in Confluence Data Center.
In mobile apps and mobile web views, the characters are displayed and highlighted, without the tooltip.
Cause
Unicode bidirectional override characters are used to specify the order that characters should be displayed, for example to support right-to-left languages. These special characters are typically not displayed in the browser or code editors, but can affect the meaning of the source code when it is processed by a compiler or an interpreter. For this reason, we display and highlight bidirectional characters so you can identify them in your code or code snippets.
For more information see:
- Multiple Products Security Advisory - Unrendered Unicode bidirectional override characters - CVE-2021-42574
- CVE-2021-42574 - Unrendered Unicode bidirectional override characters in Cloud sites
- FAQ for CVE-2021-42574
Solution
If you encounter bidirectional characters in a pull request, code snippet, or code block, we recommend you take some time to understand what the characters are doing, and how the code will be interpreted when executed.
You can learn more about these characters in the Unicode specification.
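One way to locate these characters in a file before reviewing it, as an added example that is not Atlassian's code: a Python scanner that reports each bidirectional control character by line, column and Unicode name, and flags lines where an override, embedding or isolate is opened but never closed. The function names and the sample text are constructed for illustration, and the unclosed check is a per-line heuristic, not the full Unicode bidirectional algorithm.

```python
import unicodedata

# Bidirectional formatting characters, written as escapes so this file
# contains no invisible characters itself.
OPENERS = {"\u202a", "\u202b", "\u202d", "\u202e"}   # LRE, RLE, LRO, RLO
ISOLATE_OPENERS = {"\u2066", "\u2067", "\u2068"}     # LRI, RLI, FSI
PDF, PDI = "\u202c", "\u2069"                        # the two terminators
BIDI_CONTROLS = OPENERS | ISOLATE_OPENERS | {PDF, PDI}


def find_bidi_controls(text):
    """Return (line, column, 'U+XXXX', name) for each control; 1-based."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                code = f"U+{ord(ch):04X}"
                findings.append((line_no, col, code, unicodedata.name(ch)))
    return findings


def unterminated_lines(text):
    """Return line numbers where an opener is still open at end of line."""
    flagged = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        embeds = isolates = 0
        for ch in line:
            if ch in OPENERS:
                embeds += 1
            elif ch in ISOLATE_OPENERS:
                isolates += 1
            elif ch == PDF and embeds:
                embeds -= 1
            elif ch == PDI and isolates:
                isolates -= 1
        if embeds or isolates:
            flagged.append(line_no)
    return flagged


# Constructed sample: line 2 opens and closes an override, line 3 opens
# an isolate and never closes it.
SAMPLE = 'greeting = "hello"\nlabel = "a\u202eb\u202c"\nnote = "x\u2066y"\n'

if __name__ == "__main__":
    for finding in find_bidi_controls(SAMPLE):
        print(*finding)
    print("unclosed on lines:", unterminated_lines(SAMPLE))
```

Lines reported by `unterminated_lines` deserve the closest look, because the reordering they start runs to the end of the line.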