New Rule: no-null-character

[lumirlumir]

Rule details

Disallow the null character (U+0000) in Markdown documents.

What type of rule is this?

Warns about a potential problem

Example code

<!-- NULL (U+0000) Character -->

Prior Art

Nothing.

Participation

• I am willing to submit a pull request to implement this rule.

Additional comments

Hello,

In this PR, I would like to suggest no-null-character.

According to the CommonMark specification (Section 2.3), the Unicode NULL character (U+0000) must be replaced with the Replacement Character (U+FFFD) for security reasons.

The NULL character can cause issues such as early string termination in many programming languages, leading to truncated output or unexpected behavior. It also poses security risks like input validation bypass, XSS, and injection attacks. Additionally, many parsers and rendering engines do not handle U+0000 properly, which can cause crashes or rendering problems.

Adding an ESLint rule to detect and disallow U+0000 helps prevent these risks, ensures compliance with Markdown and web standards, and improves code safety and reliability.

[nzakas]

Thanks for the suggestion. I'm not sure how common a problem this is. People typically don't accidentally type a null character into a document. This seems like something that someone could create as a custom rule if they really want it, but I'd need to see some evidence that this is a common enough problem in the real world to add it into this plugin.

@eslint/eslint-team thoughts?

[lumirlumir]

Ping @eslint/eslint-team

[TKDev7]

Since neither remarklint nor markdownlint have a rule for null characters, that seems to reinforce the idea that this isn’t a common issue in practice.

[snitin315]

Thanks for the proposal. This seems like an uncommon issue, so I feel the benefit of the rule justifies the effort to implement and maintain it.

[snitin315]

This seems like a rarely used