This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

classification
Title: Prohibit invisible control characters in string literals and comments
Type: security
Stage:
Components: Interpreter Core
Versions: Python 3.11

process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: serhiy.storchaka, steven.daprano
Priority: normal
Keywords:

Created on 2021-11-15 23:11 by steven.daprano, last changed 2022-04-11 14:59 by admin.

Messages (1)
msg406370 - Author: Steven D'Aprano (steven.daprano) (Python committer) Date: 2021-11-15 23:11
Currently invisible control characters aside from whitespace (tabs, newlines, formfeeds, carriage returns) are prohibited outside of comments and string literals. As discussed in this thread:

https://mail.python.org/archives/list/python-dev@python.org/message/DN24FK3A2DSO4HBGEDGJXERSAUYK6VK6/

we should ban C0 and C1 control characters (aside from \t\n\f\r) in string literals and comments too.

To be clear, the ban is on actual invisible control characters, not escape sequences.
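
A source scanner for the characters named in the message above, as an added example that is not part of the original report or of CPython. It scans the whole file rather than only literals and comments, on the basis of the message's statement that these characters are already rejected elsewhere; the names `find_control_chars` and `SAMPLE` and the sample source are constructed for illustration.

```python
import re

# C0 (U+0000-U+001F) and C1 (U+0080-U+009F) control characters, minus the
# four whitespace characters the proposal keeps: \t (09) \n (0A) \f (0C) \r (0D).
BANNED = re.compile(r"[\x00-\x08\x0b\x0e-\x1f\x80-\x9f]")


def find_control_chars(source):
    """Return (line, column, 'U+XXXX') for every raw banned control character.

    Lines are split on LF only. str.splitlines() would also break on
    U+000B, U+001C-U+001E and U+0085, which are among the characters being
    hunted, and would shift every later line number.
    """
    findings = []
    for lineno, line in enumerate(source.split("\n"), start=1):
        for match in BANNED.finditer(line):
            codepoint = f"U+{ord(match.group()):04X}"
            findings.append((lineno, match.start() + 1, codepoint))
    return findings


# Constructed sample source. Line 2 holds the escape sequence \x1b spelled out
# as four visible characters; line 3 holds an actual ESC byte; line 4 hides a
# C1 control (NEL) in a comment; line 5 uses only permitted whitespace.
SAMPLE = (
    'greeting = "hello"  # plain line\n'
    'esc = "\\x1b[31m"  # escape sequence, visible in the source\n'
    'raw = "\x1b[31m"  # raw ESC inside a string literal\n'
    '# comment with a raw C1 NEL \x85 hidden in it\n'
    'tabbed = "a\tb"\f\n'
)

if __name__ == "__main__":
    for lineno, col, codepoint in find_control_chars(SAMPLE):
        print(f"line {lineno}, column {col}: raw control character {codepoint}")
```

When scanning files on disk, open them with `newline=""` so that carriage returns and other characters reach the scanner untranslated.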
History
Date                 User            Action  Args
2022-04-11 14:59:52  admin           set     github: 89968
2021-11-15 23:11:24  steven.daprano  create