-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add anti-trojan charset detection #1742
Comments
Seems like this might be added directly to ESLint: eslint/eslint#15240 |
Just as a note, the plugin linked doesn't actually detect the attack the article you linked explains; it seems the plugin is only for the bidi detection, not the invisible/homoglpyh ones the article is about. It seems the built-in eslint rule proposal @LinusU pointed to would cover all the cases unlike the plugin. |
Let's wait for the core one then, and keep this one open to track it 👍 |
It seems still open on the main repo... After almost a year, should we reconsider adding it directly to Standard? |
I pinged in the eslint issue, let's see if there is an update... |
Upstream has requested that we file a feature request here: https://github.com/nodesecurity/eslint-plugin-security @simone-sanfratello or @lmammino, would you be able to do this? |
Yes! |
What version of this package are you using?
usually the latest
What problem do you want to solve?
https://certitude.consulting/blog/en/invisible-backdoor/
What do you think is the correct solution to this problem?
use this plugin https://github.com/lirantal/eslint-plugin-anti-trojan-source
Are you willing to submit a pull request to implement this change?
yes
The text was updated successfully, but these errors were encountered: