wikimedia / eslint-config-wikimedia

JavaScript style guide for Wikimedia.
https://www.mediawiki.org/wiki/Manual:Coding_conventions/JavaScript
MIT License

security/detect-bidi-characters triggers on i18n JSON #501

Closed edg2s closed 1 year ago

edg2s commented 1 year ago

For example:

MediaWiki/extensions/VisualEditor/lib/ve/i18n/hyw.json
  45:48  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"‎Տեսնել"'  security/detect-bidi-characters

Given that this protects against "Trojan source" (https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-bidi-characters.md), I don't see how this would apply to a JSON data file.

Furthermore, as JSON doesn't support comments for inline disables, this can't be disabled per line.

edg2s commented 1 year ago

cc @sbassett29

sbassett29 commented 1 year ago

This is probably another rule that we could likely disable, or at least disable for JSON files. I think these bidi checks (which are popular in many security tools these days) are likely less relevant or will introduce more noise for various Wikimedia projects, as they tend to implement so much in the way of i18n/l10n.
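As an added illustration (not code from eslint-config-wikimedia, eslint-plugin-security, or anyone in this thread), the scanner below walks the string values of an i18n JSON file and separates the implicit bidi marks that translation data routinely carries (such as the leading LRM in the hyw.json message quoted above) from the explicit embedding/override/isolate controls that Trojan Source relies on. The bidi character set and the sample messages are assumptions constructed for the example, and the closing eslintrc override is standard ESLint syntax for scoping the rule away from JSON files.

```javascript
// Added example, not code from eslint-config-wikimedia or eslint-plugin-security.
// Scans the string values of an i18n JSON file for Unicode bidi controls and
// sorts them into implicit marks (routine in translation data) and explicit
// embedding/override/isolate controls (the ones Trojan Source relies on).
// The character set is assumed to match what the rule flags; it is not copied
// from the plugin.
const IMPLICIT_MARKS = /[\u061C\u200E\u200F]/u;            // ALM, LRM, RLM
const EXPLICIT_CONTROLS = /[\u202A-\u202E\u2066-\u2069]/u; // LRE, RLE, PDF, LRO, RLO, LRI, RLI, FSI, PDI

function codePoint(ch) {
  return 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
}

// Walk every message string (skipping the @metadata block) and report each
// bidi control with its message key and character offset.
function scanI18nJson(jsonText) {
  const messages = JSON.parse(jsonText);
  const hits = { implicit: [], explicit: [] };
  for (const [key, value] of Object.entries(messages)) {
    if (key === '@metadata' || typeof value !== 'string') continue;
    for (let offset = 0; offset < value.length; offset++) {
      const ch = value[offset];
      if (IMPLICIT_MARKS.test(ch)) hits.implicit.push({ key, offset, cp: codePoint(ch) });
      else if (EXPLICIT_CONTROLS.test(ch)) hits.explicit.push({ key, offset, cp: codePoint(ch) });
    }
  }
  return hits;
}

// Constructed sample modelled on the hyw.json message quoted in the issue:
// a leading LRM (U+200E) before Armenian text, as MediaWiki i18n files use.
const SAMPLE_HYW = JSON.stringify({
  '@metadata': { authors: ['constructed sample'] },
  'visualeditor-example': '\u200E\u054F\u0565\u057D\u0576\u0565\u056C',
  'plain-message': 'See',
});

// Constructed counter-example carrying a right-to-left override (U+202E),
// the kind of control worth flagging even inside data files.
const SAMPLE_RLO = JSON.stringify({ 'odd-message': 'ab\u202Edc' });

// Standard ESLint (eslintrc) override scoping the rule away from JSON data,
// the approach the thread settles on for translation files.
const ESLINT_JSON_OVERRIDE = {
  overrides: [{ files: ['*.json'], rules: { 'security/detect-bidi-characters': 'off' } }],
};
```

Running `scanI18nJson(SAMPLE_HYW)` reports only an implicit LRM at offset 0 of the Armenian message, while `scanI18nJson(SAMPLE_RLO)` reports an explicit U+202E, which is the distinction a blanket per-file disable gives up.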

hashar commented 1 year ago

Disabling the bidi characters detection was done after it failed on some of Wikimedia's translation files. See rationale at https://phabricator.wikimedia.org/T338610#8919244

edg2s commented 1 year ago

Has something changed? This was already disabled on JSON files back in May which was released in 0.25.1...

jdforrester commented 1 year ago

Has something changed? This was already disabled on JSON files back in May which was released in 0.25.1...

Nothing has changed, it's just that almost no repos have updated to 0.25.1 yet; updating to 0.25.1 was indeed the fix applied for the Growth team.