add anti-trojan charset detection #1742
Comments
|
Seems like this might be added directly to ESLint: eslint/eslint#15240 |
|
Just as a note, the plugin linked doesn't actually detect the attack the article you linked explains; it seems the plugin is only for the bidi detection, not the invisible/homoglpyh ones the article is about. It seems the built-in eslint rule proposal @LinusU pointed to would cover all the cases unlike the plugin. |
|
Let's wait for the core one then, and keep this one open to track it 👍 |
|
It seems still open on the main repo... After almost a year, should we reconsider adding it directly to Standard? |
|
I pinged in the eslint issue, let's see if there is an update... |
|
Upstream has requested that we file a feature request here: https://github.com/nodesecurity/eslint-plugin-security @simone-sanfratello or @lmammino, would you be able to do this? |
|
Yes! |
What version of this package are you using?
usually the latest
What problem do you want to solve?
https://certitude.consulting/blog/en/invisible-backdoor/
What do you think is the correct solution to this problem?
use this plugin https://github.com/lirantal/eslint-plugin-anti-trojan-source
Are you willing to submit a pull request to implement this change?
yes
The text was updated successfully, but these errors were encountered: