https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103027

Reini Urban <reini.urban at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |reini.urban at gmail dot com

--- Comment #4 from Reini Urban <reini.urban at gmail dot com> ---
Just checking confusables.txt and ignoring the official TR39 Unicode security
guidelines for identifiers won't get you very far. It's merely fighting a tiny
symptom of a huge attack space.

I suggest properly implementing TR39, such as I did in libu8ident and proposed
to the C++/C working groups. Latest here:
https://github.com/rurban/libu8ident/blob/master/doc/P2528R1.md

confusables.txt itself is almost useless. I used it only to restrict some Greek
letters not to be confused with their Latin counterparts. Checking mixed scripts
is much more secure.

Note that the TR31 XID lists are also pretty insecure still, even if C23 will
restrict the XIDs to the official TR31 XID lists.
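
A minimal sketch of the mixed-script check the comment refers to, added here as an illustration; it is not code from libu8ident, GCC or the bug report. Assumptions: the range table is a small constructed subset of the Unicode script data (Latin, Greek, Cyrillic, plus digits and `_` as Common), only the plain Script property is used rather than TR39's Script_Extensions handling, and the names `ident_scripts` and `is_mixed_script` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum { SC_LATIN = 1, SC_GREEK = 2, SC_CYRILLIC = 4 };
/* Constructed subset of Scripts.txt (sc 0 = Common); not the full table. */
static const struct { uint32_t lo, hi; int sc; } ranges[] = {
    {0x0030, 0x0039, 0}, {0x005F, 0x005F, 0},
    {0x0041, 0x005A, SC_LATIN}, {0x0061, 0x007A, SC_LATIN},
    {0x00C0, 0x00D6, SC_LATIN}, {0x00D8, 0x00F6, SC_LATIN}, {0x00F8, 0x024F, SC_LATIN},
    {0x0391, 0x03A1, SC_GREEK}, {0x03A3, 0x03C9, SC_GREEK},
    {0x0400, 0x0481, SC_CYRILLIC}, {0x048A, 0x052F, SC_CYRILLIC},
};

/* Decode 1- or 2-byte UTF-8; returns bytes consumed, 0 if malformed, overlong or longer. */
static int decode(const unsigned char *p, uint32_t *cp) {
    if (p[0] < 0x80) { *cp = p[0]; return 1; }
    if ((p[0] & 0xE0) == 0xC0 && (p[1] & 0xC0) == 0x80) {
        *cp = ((uint32_t)(p[0] & 0x1F) << 6) | (p[1] & 0x3F);
        return *cp >= 0x80 ? 2 : 0;   /* reject overlong forms */
    }
    return 0;
}

/* Script bitmask of a NUL-terminated identifier; -1 if malformed or outside the table. */
int ident_scripts(const char *s) {
    const unsigned char *p = (const unsigned char *)s;
    int mask = 0;
    for (int n; *p; p += n) {
        uint32_t cp;
        size_t i, count = sizeof ranges / sizeof ranges[0];
        if ((n = decode(p, &cp)) == 0) return -1;
        for (i = 0; i < count && (cp < ranges[i].lo || cp > ranges[i].hi); i++) ;
        if (i == count) return -1;
        mask |= ranges[i].sc;
    }
    return mask;
}

/* 1 = more than one script (Common ignored), 0 = single script, -1 = error. */
int is_mixed_script(const char *s) {
    int m = ident_scripts(s);
    return m < 0 ? -1 : (m & (m - 1)) != 0;
}

int main(void) {
    /* Constructed sample: "scope" with U+043E CYRILLIC SMALL LETTER O. */
    printf("%d %d\n", is_mixed_script("scope"), is_mixed_script("sc\xD0\xBE" "pe"));
    return 0;
}
```

The Latin identifier with one Cyrillic letter is flagged without any confusables.txt lookup, while an identifier written entirely in Cyrillic passes as single-script.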
