Skip to main content
Skip table of contents

How to hide markers shown for Unicode directionality formatting characters

Background

On the 1st of November 2021 a Common Vulnerability Exposure (CVE) was published against the Unicode specification https://nvd.nist.gov/vuln/detail/CVE-2021-42574. The CVE describes how malicious actors can use directionality formatting characters, intended to allow to combine languages that are written and read from right to left and from left to right, to obfuscate the real semantics of source code. This could then be used to distribute malicious code via websites or try to submit malicious code into Open Source Software (OSS), where typically a human reader would review the code, and thus attack the supply chain of those using that OSS.

In response to the Unicode directionality formatting characters vulnerability the Scroll Viewport team took the stance of 'better safe than sorry' and chose to expose directionality formatting characters that are encountered on a page rendered through Scroll Viewport. Through this approach the functionality of the pages stays untouched, but directionality formatting characters should be clearly visible in the content and describe the possible danger of their usage. This mechanism was implemented in version 2.19.4 of Scroll Viewport.

The Scroll Viewport app cannot discern malicious and legitimate use of the directionality formatting characters and thus users might want to hide the warnings on their Scroll Viewport site in all or specific contexts.

To hide the warnings you can use CSS in your theme or custom CSS applied to the Help Center theme.

To unconditionally hide the markers you can use the following CSS:

CSS
.sv-bidi-marker:before {
  display: none;
}

To only hide the markers when in code blocks or inline code you can use the following CSS:

CSS
code .sv-bidi-marker:before {
  display: inline;
}
.sv-bidi-marker:before {
  display: none;
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.