google - Dave's Blog


Right-To-Left Override Twitter Name

2020 Oct 21, 3:50

Its rare to find devs anticipating Unicode control characters showing up in user input. And the most fun when unanticipated is the Right-To-Left Override character U+202E. Unicode characters have an implicit direction so that for example by default Hebrew characters are rendered from right to left, and English characters are rendered left to right. The override characters force an explicit direction for all the text that follows.

I chose my Twitter display name to include the HTML encoding of the Right-To-Left Override character #x202E; as a sort of joke or shout out to my favorite Unicode control character. I did not anticipate that some Twitter clients in some of their UI would fail to encode it correctly. There's no way I can remove that from my display name now.

Try it on Amazon.

How about pages that want to tell you about the U+202E. 


Tweet from David Risney

2016 Nov 20, 2:47
Just fun: draw a sketch and see how fast a Google neural net takes to figure out what it is 

Tweet from emily schechter

2016 Sep 8, 1:12
in Chrome 56, we'll mark HTTP pages with password or credit card form fields as "not secure". turn on HTTPS before! 

Tweet from gregwhitworth

2016 Jun 7, 1:43
Dear @google, please store my answer to this question so I don't see this every time I start a browser session.

Retweet of securinti

2016 Feb 4, 6:11
[WRITE-UP] A tale of two offline @google Chrome UXSS vulns! …

Retweet of Grathio

2015 Dec 4, 8:02
Good news! the patent on the Space Shuttle has expired. Go and build, royalty free! …

Retweet of doctorow

2015 Nov 18, 8:40
Google steps up to defend fair use, will fund Youtubers' legal defenses …

Tweet from David_Risney

2015 Nov 13, 1:37
Cop pulls over car for driving 10mph under speed limit to find no driver in self driving car and issues no ticket. …

Retweet of ThBenkoe

2015 Sep 4, 10:49
The difference between Google & Microsoft.

Retweet of tobint

2015 Jul 29, 3:54
Thanks, @googlechrome! The icing suffers from rendering/layout issues. It's what's inside that counts! What's inside?

Retweet of stshank

2015 Apr 13, 9:23
UIforETW: New open-source tool from Google to make it easier to use Microsoft Event Tracing for Windows (aka xperf): 

Retweet of sleevi_

2015 Apr 7, 2:41
Rad to see Mozilla in on the fun! For Chrome, see!topic/blink-dev/2LXKVWYkOus … and!topic/security-dev/pnsUO-KxzTs … // @metromoxie …

Retweet of CastIrony

2015 Mar 31, 10:09  is funny until you remember ICANN is selling out their core mission to enable crap like that.

Tweet from David_Risney

2015 Mar 24, 9:59
Chrome to implement pointer events!!topic/blink-dev/ODWmcKNQl0I …

Retweet of ivanristic

2015 Feb 26, 2:45
Blink browser engine: "Intent to deprecate: Insecure usage of powerful features"!msg/blink-dev/2LXKVWYkOus/gT-ZamfwAKsJ … < Pushing toward more HTTPS

Detect login with CSP - When Security Generates Insecurity

2014 Jul 8, 1:13

An interesting way to use the report-uri feature of CSP to detect if a user is logged into Google, Facebook etc.

PermalinkCommentstechnical security csp web

A high-profile fork: one year of Blink and Webkit Some stats...

2014 Jun 3, 9:10

A high-profile fork: one year of Blink and Webkit

Some stats and analysis at a very high level of the Blink fork from Webkit.

PermalinkCommentstechnology browser webkit blink apple google

XSS game

2014 May 29, 1:10

Google’s XSS training game. Learn how to find XSS issues for fun and profit.

PermalinkCommentstechnical web security xss google

Inside The Tech Stack Digg Used To Replace Google Reader ⚙ Co.Labs ⚙ code + community

2013 Jul 26, 7:21PermalinkCommentstechnical digg javascript js library

Microsoft will pay up to $100K for new Windows exploit techniques

2013 Jun 21, 4:29

Good news everyone! Of course Microsoft employees are not eligible but that’s probably for the best.

PermalinkCommentssecurity exploit money microsoft technical
Older Entries Creative Commons License Some rights reserved.