Originally published at: https://boingboing.net/2019/10/10/feff-200c-200d-200e-2060-180e.html
…
Nothing to see here…
Oh, yeah, “Security by Obscurity” . I think Mr. Schneier has something to say about this gambit.
Fuuuuuck that one! For some reason Mediawiki, the software that Wikipedia and I use for stuff, is prone to picking that one up in copy-pastes. They’ll lurk in article text causing annoying problems until bots on seek and destroy missions can eliminate them.
Oh man, I used to troll the shit out of a LiveJournal community I didn’t like with a slightly similar trick many years ago. I came up with a technique to hide a autoplaying Vimeo video full of odd sounds in anonymous comments. I set the pixel width and height count in the embed code to ‘0 by 0’ and it was pretty much invisible (i’m not a coder or web designer so I was thoroughly impressed I could come up with such a thing on my own). The moderators had to go to each one of the comments to find the comment that was playing the video
I kind of like how these make it hard for cheating intro CS students. “Prof, the code I wrote doesn’t work…”
For the curious, here’s the hidden text:
<p>\n\ufeff\ufeff\ufeff\ufeff\n</p>
Here’s more info on this BOM (byte order mark) character from Wikipedia:
Encoding Representation (hexadecimal) Representation (decimal) Bytes as CP1252 characters
UTF-16 (BE) FE FF 254 255 þÿ
“If encountered anywhere in such a text stream, U+FEFF is to be interpreted as a ‘zero width no-break space’.”
I was hoping for a message, but I guess EFF is in there, so good enough.
Except any decent text string parser is going to strip out any non-word characters before doing anything with it. Most basic web form encoding/decoding nukes all that.
This topic was automatically closed after 5 days. New replies are no longer allowed.